Re: [tlug] iptables and port-forwarding concerns

["Stephen J. Turnbull" <stephen@example.com>]

>>>>> "Josh" == Josh Glover <tlug@example.com> writes:

    Josh> Heh. I have never seriously thought you an idiot. I just get
    Josh> my jollies by poking fun at you when you give me a huge
    Josh> opening! ;)

*snicker*

    Josh> OK, 23 of the 32 bits in your address are denoting the
    Josh> network portion (yes kids, that is how CIDR notation works),
    Josh> so you have the IP addresses 192.168.0.0 - 192.168.1.1 in
    Josh> your subnet, right?

*chuckle* -> 192.168.1.255

    Josh> Just making sure *I* am not making a stupid mistake! :)

*guffaw* "... rather than open your mouth and remove all doubt!"

    >> 3) spider runs its own software, including Apache, an MTA, BIND
    >> and a few other odds and ends. What happens if one of these
    >> applications tries to open a connection with a remote host from
    >> a TCP port in the range forwarded to fly, are packets coming
    >> back going to be directed to fly or is the IP routing in the
    >> Linux kernel (2.4.25) smarter than that?

It can be if you make it so, but you may have to add a separate table
for stuff "coming from inside".  I don't see why it would make that
distinction by default.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.