Re: IP Tables connection tracking for saned? [SOLVED]


 



On Thu, 2007-10-11 at 12:24 -0400, Matthew Saltzman wrote:
> On Thu, 2007-10-11 at 10:01 -0400, Tony Nelson wrote:
> > At 3:39 AM +0000 10/11/07, Matthew Saltzman wrote:
> > >I'm trying to get my scanner running as a network service so remote
> > >machines can use it, but I've run into a snag.  So my questions:
> > >
> > >- Does anyone have a good HOWTO for this?
> > >
> > >- In particular, there seems to be a connection tracker module for sane,
> > >but if I add ip_conntrack_sane to the modules list in
> > >/etc/sysconfig/iptables-config, the modules fail to load when I restart
> > >iptables.  What am I missing as far as that step?
> > 
> > Do you have any evidence that ip_conntrack_sane exists?  The only mention
> > on Google is someone who couldn't find it (if I made sense of the
> > translation from Chinese).
> 
> I'm not even sure where to look.  ip_conntrack_netbios_ns and
> ip_conntrack_amanda load fine.  The only files with similar names I can
> find are
> /lib/modules/<version>/kernel/net/netfilter/nf_conntrack_netbios_ns.ko
> and /lib/modules/<version>/kernel/net/netfilter/nf_conntrack_amanda.ko,
> but there is
> a /lib/modules/<version>/kernel/net/netfilter/nf_conntrack_sane.ko.  So
> if those files are related to those modules, the answer should be yes.
> 
> If not, then I really don't understand how the iptables modules thing
> works at all.

Well, in retrospect it seems like an obvious thing.  Loading
nf_conntrack_sane works just fine.  In fact, for many of the modules,
you can have iptables load ip_conntrack_<service> or
nf_conntrack_<service>.  I suppose that's a backward compatibility thing
where "nf" is the new form and "ip" is the old, but for sane, the old
form doesn't work.

On to figure out the rest of this.

> 
> > 
> > I see a hack using ipt_recent.  Eww.
> > 
> > You could always roll your own from the other examples.  (I wonder if there
> > is a configurable conntrack module?  It seems that there could be, but I'd
> > have to read the various modules to be sure.)
> 
> I could also just take down the firewall (or open all unprivileged
> ports), but I was hoping not to have to do anything that drastic.
> 
> > 
> > 
> > >- Is there a way to get a Windows client to use a scanner served by a
> > >Linux machine over the net?
> > 
> > Googling makes me think "yes, of course", but I haven't tried it.
> 
> Thanks.
-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
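
Added example (not part of the original message): a POSIX shell check for the naming issue described above. It reads IPTABLES_MODULES from an iptables-config file and reports, for each ip_conntrack_<service> name with no matching .ko file, whether nf_conntrack_<service> exists in the module tree. It looks only at files on disk, not at modprobe alias resolution; the function names and the sample tree built in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare IPTABLES_MODULES entries with module files on disk.

# Print the IPTABLES_MODULES value from a config file without sourcing it.
iptables_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if <name>.ko (optionally compressed, e.g. .ko.xz) exists under $1.
module_file_exists() {
    [ -n "$(find "$1" -type f \( -name "$2.ko" -o -name "$2.ko.*" \) 2>/dev/null | head -n 1)" ]
}

# Print one "name: status" line per configured module.
check_conntrack_modules() {
    conf=$1
    tree=$2
    for name in $(iptables_modules "$conf"); do
        if module_file_exists "$tree" "$name"; then
            echo "$name: present"
            continue
        fi
        # Old-style name with no file: try the nf_conntrack_ form from the thread.
        case $name in
            ip_conntrack_*) alt="nf_conntrack_${name#ip_conntrack_}" ;;
            *)              alt="" ;;
        esac
        if [ -n "$alt" ] && module_file_exists "$tree" "$alt"; then
            echo "$name: no file, use $alt"
        else
            echo "$name: not found"
        fi
    done
}

# Constructed sample: a config and module tree mirroring the thread.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/netfilter"
    touch "$d/netfilter/nf_conntrack_sane.ko" "$d/netfilter/nf_conntrack_amanda.ko"
    printf 'IPTABLES_MODULES="ip_conntrack_sane nf_conntrack_amanda ip_conntrack_bogus"\n' \
        > "$d/iptables-config"
    check_conntrack_modules "$d/iptables-config" "$d/netfilter"
    rm -rf "$d"
}
demo
```

On a live system the call would be check_conntrack_modules /etc/sysconfig/iptables-config "/lib/modules/$(uname -r)/kernel/net/netfilter".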

