
Latest iptables tweaks on 'box'

04/30/06

12:31:02 pm, by The Dreamer, 516 words
Categories: ReplayTV, Computer, Networking


After much fiddling around, I found the problem was that my MASQUERADE rule was too specific, in that it was only MASQUERADING IVS packets going out through box to the outside world. Loosening it to MASQUERADE all packets routed through the box, regardless of source/destination, resolved it.

Kind of makes sense...since only the packets I route through it are the sort that I want to have handled.

Meanwhile, I had always suspected there was this other bug in my setup....namely anything destined for an IVS port was being forwarded to the RTV, regardless of whether it should be allowed to route out of the box unaffected.

I confirmed it by doing a GET http://www.yahoo.com:rtv_port/ivs-IVSGetUnitInfo and getting the response from the RTV in question....rather than the expected error for no such port on Yahoo! ;)

So, I tweaked those rules to check more than just the destination port in making its decision on where to redirect it to. I suppose it might have caused problems in the past if a remote RTV user happened to use the same port that I was using....and it was just lucky that so far nobody has been using my convention....
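An added example, not from the original post: a shell check that reads `iptables-save` output and lists PREROUTING DNAT/REDIRECT rules that match on destination port alone, which is the flaw described above. The ruleset, port numbers, interface name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag port-only DNAT/REDIRECT rules in iptables-save output.

# Constructed ruleset (ports, eth0 and all addresses are made up).
# Rule 1 matches any TCP packet to port 29000, including LAN clients'
# outbound connections to remote hosts. Rule 2 is scoped to traffic
# arriving on the outside interface for the box's own address.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 29000 -j DNAT --to-destination 192.168.1.50:29000
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 29001 -j DNAT --to-destination 192.168.1.51:29001
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Print PREROUTING redirect rules that select on --dport but constrain
# neither the inbound interface (-i) nor the destination address (-d).
# iptables-save writes these options in their short form.
audit_dnat() {
    awk '
        /^-A PREROUTING / && /-j (DNAT|REDIRECT)/ && /--dport/ {
            scoped = 0
            for (i = 1; i <= NF; i++)
                if ($i == "-i" || $i == "-d") scoped = 1
            if (!scoped) print
        }'
}

# Run against the constructed sample; only the port-only rule is printed.
sample_ruleset | audit_dnat
```

On a live box, the same function can be fed with `iptables-save -t nat | audit_dnat` (run as root).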

Finally, I reviewed my block rules. While the rule of blocking an IP from doing any transfers was unaffected by the change, I realized that the rule of blocking an IP from doing transfers with a specific unit on my end was flawed, and was blocking too much.

Plus, due to a typo, I was blocking the user from the wrong unit. The detail is I had X shows on two units, and I sent the show from the unit the user had requested from. But, during some housecleaning I inadvertently moved the wrong shows (actually, the correct one...but it clobbered the transfer in progress). I promptly resent the shows from the other unit, etc. But, the user wouldn't cancel the old transfers and use the new ones....and I was getting annoyed looking at the error log messages.

Eventually the requests expired from Poopli...but....

Meanwhile, the only question now is...did these changes break my IVS Status Sniffer.... :??:
