some web sites need more than port 80?....
tradecraft at ixpres.com
Sun Mar 6 13:03:16 PST 2005
seberino at spawar.navy.mil wrote:
>I locked down my laptop with a firewall script to only
>allow port 80.
>I noticed that only the text gets downloaded from ucsd.edu.
>It seems that the graphics from ucsd.edu could not get
>through my firewall.
>Do web sites now send JPEGs in parallel with the text
>on a different port or something?

If we're talking iptables here, did you also allow established and
related connections? In iptables, the rule for an interface would be:

    iptables -A INPUT -i [interfacename] -s [allowed_addresses] -p tcp \
        --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED,RELATED

If you want to allow anyone to connect on port 80, omit the
If you only allow new connections, incoming images, which might come
from a different server but be related to an existing connection, will
be dropped because they won't match a rule allowing just new connections.
Only thing I can think of.
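
An added example, not part of the original post or the poster's own script: a client-side ruleset for a laptop that browses on port 80 only, using the same state match the reply mentions. The function name, the eth0 interface, the IPT dry-run variable and the DNS rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: "web only" laptop ruleset built on the iptables state match.
# Set IPT=echo to print the commands for review instead of applying them.
IPT="${IPT:-iptables}"

web_client_rules() {
    iface="$1"   # assumed interface name, e.g. eth0

    # Default-deny both directions; keep loopback open for local services.
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT DROP
    "$IPT" -A INPUT  -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT

    # Outbound: the browser opens connections from an ephemeral port to
    # port 80, so NEW is only needed on the OUTPUT side.
    "$IPT" -A OUTPUT -o "$iface" -p tcp --sport 1024:65535 --dport 80 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Inbound: accept only replies on connections the laptop started.
    # Without this rule the request leaves but the response is dropped.
    "$IPT" -A INPUT -i "$iface" -p tcp --sport 80 --dport 1024:65535 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Assumption: names are resolved over UDP port 53; without DNS the
    # browser cannot look up the hosts that serve the page and its images.
    "$IPT" -A OUTPUT -o "$iface" -p udp --dport 53 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -i "$iface" -p udp --sport 53 \
        -m state --state ESTABLISHED -j ACCEPT
}

# Apply only when asked explicitly: sh script.sh --apply eth0 (as root).
if [ "${1:-}" = "--apply" ]; then
    web_client_rules "${2:-eth0}"
fi
```

Running it with IPT=echo first shows the eight commands without touching the live ruleset.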