Firewall fiasco

From eddynetweb's cesspit
Revision as of 13:14, 15 April 2017 by Eddynetweb (talk | contribs) (→‎oidentd and port 113)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

oidentd and port 113

"oidentd" won't authenticate a proper mask without opening port 113 on whatever firewall application you're using to manage connections. This is especially obvious if you use ZNC and you desire to allow such identification authentication.


Solution

Open up port 113 through your firewall. Here's an example with IPTables:

iptables -t filter -I INPUT -p 113 -j ACCEPT
iptables -t filter -I OUTPUT -p 113 -j ACCEPT

Good luck!

IPv6 TUN issue

Unblocking Protocol 41 generally works to bypass firewall restrictions for IPv6 tunnel traffic. Sometimes this is not the case with CSF, even if you specify in the TCP_IN section port "41". Instead, the IPv6 connection will generally hang after a short period of time when establishing a connection to the firewall.


Solution

Simply go to /etc/csf/csfpre.sh (or create it if it doesn't already exist), and add the following:

 # Protocol 41 for Hurricane Electric Tunnelbroker
iptables -t filter -I INPUT -p 41 -j ACCEPT
iptables -t filter -I OUTPUT -p 41 -j ACCEPT

CSF will run this script at the end of applying all other rules. It simply applies the policy which protocol 41 is whitelisted inbound/outbound in its entirety.

Even if you're not running CSF, the general rule applies in this instance.