Re: [Firestarter-user] Re: Firestarter-user digest, Vol 1 #1052 - 2 msgs
From: Tomas J. <to...@gm...> - 2005-01-31 10:04:54
On Sun, 30 Jan 2005 11:41:44 +0100, Robin Pronk <ro...@pr...> wrote:
> Yes I need to open port 6112. But my problem is that the port shouldn't
> be permanently forwarded to 1 pc.
> But I need something that detects incoming traffic on port 6112 and then
> it should forward the port to that ip

Unfortunately this is currently not possible with Firestarter. It's an inherent problem of using NAT and Internet connection sharing: to the outside world you just appear as a single IP. The firewall can't determine to which internal machine the traffic should go unless you explicitly tell it. There is no incoming traffic on port 6112 to detect in your scenario. What would need to happen is that the firewall would check all the internal machines to see if the port is open, and only then start forwarding. Insanely complex.

What would be feasible, and cool, is to implement some sort of general port-knocking scheme so that the internal machines can tell the firewall to modify itself. Say some internal machine pings the firewall on port 6112, and the firewall then forwards incoming traffic to the source according to some rules you've set up as part of the policy. The knocking feature could also be used for other things, for example revealing the SSH service once you hit a combination of ports in the correct order from the outside.

Regards,
Tomas
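The two knocking policies sketched in the reply above, as an added example (this is not Firestarter code and not part of the original thread): an internal host knocks on port 6112 and the firewall moves the DNAT forward for that port to the knocker's address; an external host hits an assumed sequence 7000, 8000, 9000 within a time window and only then gets SSH opened to its own source address. The LAN prefix, the knock sequence, the window, the protocol (TCP) and all packet events are constructed assumptions; the iptables commands are only recorded as strings so the logic can be exercised offline, and a real daemon would feed it from the firewall's log of dropped connection attempts.

```python
"""Port-knock state machine driven by (src, dport, time) events.

Added example, not Firestarter code. Policies demonstrated:
  1. Internal knock on FORWARD_PORT: re-point the DNAT forward for that port
     to the knocking host (the "forward it to that ip" request in the thread).
  2. External knock sequence SSH_KNOCK in order, each step within KNOCK_WINDOW
     seconds of the previous one: reveal SSH to that source address only.
Nothing here touches a real firewall; rules are collected as strings.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

INTERNAL_NET = "192.168.1."        # assumed LAN prefix behind the NAT box
FORWARD_PORT = 6112                # port the LAN hosts compete for
SSH_KNOCK = (7000, 8000, 9000)     # assumed external knock sequence
KNOCK_WINDOW = 10.0                # max seconds between consecutive knocks


@dataclass
class Firewall:
    forwards: Dict[int, str] = field(default_factory=dict)      # port -> DNAT target
    allowed_ssh: Set[str] = field(default_factory=set)           # external IPs with SSH opened
    progress: Dict[str, Tuple[int, float]] = field(default_factory=dict)  # ip -> (next idx, last)
    rules: List[str] = field(default_factory=list)               # commands that would be issued

    def knock(self, src: str, dport: int, now: float) -> Optional[str]:
        """Feed one knock; return the rule it triggered, or None."""
        if src.startswith(INTERNAL_NET):
            return self._internal_knock(src, dport)
        return self._external_knock(src, dport, now)

    def _internal_knock(self, src: str, dport: int) -> Optional[str]:
        # Only the agreed port counts; a LAN host hitting anything else is ignored.
        if dport != FORWARD_PORT:
            return None
        self.forwards[FORWARD_PORT] = src            # last knocker wins the forward
        rule = (f"iptables -t nat -A PREROUTING -p tcp --dport {FORWARD_PORT} "
                f"-j DNAT --to-destination {src}")
        self.rules.append(rule)
        return rule

    def _external_knock(self, src: str, dport: int, now: float) -> Optional[str]:
        idx, last = self.progress.get(src, (0, now))
        if now - last > KNOCK_WINDOW:
            idx = 0                                  # too slow: sequence starts over
        if dport == SSH_KNOCK[idx]:
            idx += 1                                 # correct next port
        elif dport == SSH_KNOCK[0]:
            idx = 1                                  # wrong port, but it begins a fresh sequence
        else:
            idx = 0                                  # any other port breaks the sequence
        if idx == len(SSH_KNOCK):
            self.progress.pop(src, None)
            self.allowed_ssh.add(src)
            rule = f"iptables -I INPUT -s {src} -p tcp --dport 22 -j ACCEPT"
            self.rules.append(rule)
            return rule
        self.progress[src] = (idx, now)
        return None

    def forward_target(self, dport: int) -> Optional[str]:
        """Internal host currently receiving traffic for dport, if any."""
        return self.forwards.get(dport)

    def permits_ssh(self, src: str) -> bool:
        """Whether an external source has completed the knock for SSH."""
        return src in self.allowed_ssh


if __name__ == "__main__":
    fw = Firewall()
    # Constructed events: two LAN hosts take turns claiming port 6112.
    fw.knock("192.168.1.20", FORWARD_PORT, 0.0)
    fw.knock("192.168.1.21", FORWARD_PORT, 30.0)
    # Constructed events: an outside host completes the SSH knock in order.
    for t, p in enumerate(SSH_KNOCK):
        fw.knock("203.0.113.5", p, float(t))
    for r in fw.rules:
        print(r)
```

Note that an internal knock needs no secret because the knocker is already behind the NAT; the external sequence, on the other hand, is only obscurity, since anyone who can observe the knocks can replay them, so it hides SSH rather than authenticating the client.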