Re: firewall and talk & rlogin

From: Reece R. Pollack <reece_at_eco.twg.com>
Date: 2 Mar 1994 00:45:08 GMT
Message-ID: <2l0nil$chf_at_scoop.eco.twg.com>


In article <2ktvg3$erl_at_monk.rsip.lsu.edu>, sli_at_ascii.csc.lsu.edu (Siqiao Li) writes:
|>I have been having problems with talk and rlogin since the firewall
|>setup at the cisco router, which filters incoming packets whose TCP
|>or UDP port below 1024.
|>
|>The problem with talk is that it can connect to the remote machine's
|>talk daemon (UDP port 518) and drop a talk request, however, the remote
|>machine can't talk back even though we opened port 518. I checked the used ports.
|>Seems Unix uses 518 and 517 for talk while Wollongong just uses 518 for
|>ntalk???

UDP port 517 is used by 'old' talk, whereas port 518 is used for 'new' talk. Old talk suffers from serious deficiencies, including being sensitive to the endianness of the two hosts attempting to communicate. Wollongong does not supply an implementation of 'old' talk for this reason.

New talk is a much better protocol, and we provide support for it. Most systems offer an implementation of 'new' talk, with Sun being the only major exception that comes to mind.

|>The problem with rlogin is that it can connect to the remote machine's
|>login port, but the program itself is assigned a local TCP port lower than
|>1024, so the remote machine just can't make the connection back.
|>My question is: is it possible to manually assign a port # >1024 for rlogin
|>sessions, or is there a way to fool the system into thinking that all ports <1024 are
|>busy, so it allocates higher ports?

No. The RLOGIN protocol requires that the originating end use a privileged port to provide some measure of security against someone writing an rlogin client that allows the user to spoof the local username.

--
Reece R. Pollack
Senior Software Engineer
The Wollongong Group, Inc.
Received on Wed Mar 02 1994 - 01:45:08 CET
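The interaction the two posts describe, worked through as an added example (this is not code from the post, from Wollongong, or from any rlogin implementation): a model of the router ACL that drops inbound TCP/UDP packets with a destination port below 1024, run against the first two segments of an rlogin session and against a talk request on 517 (old talk) and 518 (ntalk). The rresvport() and rlogind checks mimic the BSD behaviour that makes the privileged client port an authentication measure; the exact 512..1023 range accepted by rlogind, the 'established' relaxation (the IOS extended-ACL keyword that matches inbound TCP segments with ACK set) and all packet contents are my assumptions, not something the post states.

```python
"""Model of the situation described in the thread: a router ACL that drops inbound
packets whose TCP/UDP destination port is below 1024, applied to an rlogin session
(client on a reserved port) and to talk (UDP 517 for old talk, 518 for ntalk).
Added example; not code from the post or from Wollongong. All packets are constructed."""
from dataclasses import dataclass

IPPORT_RESERVED = 1024   # ports below this need root to bind (BSD/Unix convention)
RLOGIN_PORT = 513
OTALK_PORT = 517         # 'old' talk
NTALK_PORT = 518         # 'new' talk (ntalk)


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    direction: str     # "in" = arriving from outside the firewall, "out" = leaving
    sport: int
    dport: int
    ack: bool = False  # TCP ACK flag set (true for every segment after the first SYN)


def rresvport(in_use):
    """Mimic BSD rresvport(): the rlogin client takes the highest free reserved port,
    counting down from 1023 to 512. Returns None when none is free; the client then
    fails rather than falling back to a port above 1024, which is why 'pretend all
    ports <1024 are busy' does not help."""
    for port in range(IPPORT_RESERVED - 1, IPPORT_RESERVED // 2 - 1, -1):
        if port not in in_use:
            return port
    return None


def rlogind_accepts(client_port):
    """Server-side half of the scheme: rlogind trusts the username the client sends
    only because the connection comes from a port that just root could have bound.
    BSD rlogind accepts 512..1023 (assumption about the exact range; the post only
    says 'privileged port')."""
    return IPPORT_RESERVED // 2 <= client_port < IPPORT_RESERVED


def packet_filter(pkt, allowed_low_ports=frozenset(), tcp_established=False):
    """The poster's rule, plus two optional relaxations: low ports opened explicitly
    (the poster opened 518) and, if tcp_established is set, inbound TCP with ACK set,
    which is what the IOS extended-ACL 'established' keyword matches. That keyword is
    an added caveat, not something the post suggests, and it does nothing for UDP."""
    if pkt.direction != "in" or pkt.dport >= IPPORT_RESERVED:
        return "permit"
    if pkt.dport in allowed_low_ports:
        return "permit"
    if tcp_established and pkt.proto == "tcp" and pkt.ack:
        return "permit"
    return "drop"


def rlogin_exchange(in_use=frozenset()):
    """First two segments of an rlogin session: our SYN to port 513 and the server's
    SYN-ACK back to our reserved port. Returns (client_port, [SYN, SYN-ACK])."""
    cport = rresvport(in_use)
    if cport is None:
        raise OSError("rresvport: all reserved ports in use")
    return cport, [Packet("tcp", "out", cport, RLOGIN_PORT),
                   Packet("tcp", "in", RLOGIN_PORT, cport, ack=True)]


def talk_exchange(daemon_port):
    """talk request and the remote side's answer: our client asks the remote talkd
    from an unprivileged port, then the remote user's client must reach our talkd
    on the same well-known UDP port, which is the inbound packet the ACL sees."""
    return [Packet("udp", "out", 40000, daemon_port),
            Packet("udp", "in", 40001, daemon_port)]


def verdicts(packets, **acl_options):
    """Run each packet through the ACL model and return the list of verdicts."""
    return [packet_filter(p, **acl_options) for p in packets]


if __name__ == "__main__":
    cport, rlogin = rlogin_exchange()
    print("rlogin from reserved port", cport, "- server accepts:", rlogind_accepts(cport))
    print("  stateless ACL:   ", verdicts(rlogin, allowed_low_ports={NTALK_PORT}))
    print("  with established:", verdicts(rlogin, allowed_low_ports={NTALK_PORT}, tcp_established=True))
    print("ntalk (518), 518 opened:   ", verdicts(talk_exchange(NTALK_PORT), allowed_low_ports={NTALK_PORT}))
    print("old talk (517), 518 opened:", verdicts(talk_exchange(OTALK_PORT), allowed_low_ports={NTALK_PORT}))
    print("all reserved ports busy ->", rresvport(frozenset(range(512, 1024))))
```

The two results worth noticing: the rlogin SYN-ACK is dropped by the stateless rule because its destination is the client's reserved port, and opening 518 admits ntalk but not an old-talk peer on 517. Letting ACK-bearing TCP through restores rlogin without giving up the privileged-port check, but nothing comparable exists for UDP, so each talk variant needs its own port opened.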
