opening ports for applications

Hi,

I've been working on porting a Windows application to Linux. The
application acts as a server which doesn't decide which port it will
listen on until it is actually run. This port is registered with a
different registration server. Clients can obtain the port (and host)
the application is listening to by querying the registration server.

So, my problem is with the firewall. IPTables allows me to open the
port up for the registration server (it's always listening on the same
port) it doesn't seem to allow opening ports on a application level
(ie. whatever port application X requests, allow it). I've had a quick
look at tcpwrappers but I don't really know if that's the solution
here (is my application easily moved to inetd?). Is there a way to
tackle this problem?

tom

(E-Mail Removed) coughed up some electrons that declared:

> Hi,
>
> I've been working on porting a Windows application to Linux. The
> application acts as a server which doesn't decide which port it will
> listen on until it is actually run. This port is registered with a
> different registration server. Clients can obtain the port (and host)
> the application is listening to by querying the registration server.
>
> So, my problem is with the firewall. IPTables allows me to open the
> port up for the registration server (it's always listening on the same
> port) it doesn't seem to allow opening ports on a application level
> (ie. whatever port application X requests, allow it). I've had a quick
> look at tcpwrappers but I don't really know if that's the solution
> here (is my application easily moved to inetd?). Is there a way to
> tackle this problem?
>
> tom

Can you not fix the port (even it it still continues to register)?

Or fix it to within a very small range?

I take it the firewall isn't on the same box?

Tim

On Jul 13, 9:43 am, Tim Southerwood <t...@dionic.net> wrote:
> thomas.san...@gmail.com coughed up some electrons that declared:
>
>
>
> > Hi,
>
> > I've been working on porting a Windows application to Linux. The
> > application acts as a server which doesn't decide which port it will
> > listen on until it is actually run. This port is registered with a
> > different registration server. Clients can obtain the port (and host)
> > the application is listening to by querying the registration server.
>
> > So, my problem is with the firewall. IPTables allows me to open the
> > port up for the registration server (it's always listening on the same
> > port) it doesn't seem to allow opening ports on a application level
> > (ie. whatever port application X requests, allow it). I've had a quick
> > look at tcpwrappers but I don't really know if that's the solution
> > here (is my application easily moved to inetd?). Is there a way to
> > tackle this problem?
>
> > tom
>
> Can you not fix the port (even it it still continues to register)?
>
> Or fix it to within a very small range?

Unfortunately this is out of my control :-(

> I take it the firewall isn't on the same box?

I only need to support the scenario where the server app and the
firewall are running on the same machine.

> Tim

(E-Mail Removed) coughed up some electrons that declared:

>
> I only need to support the scenario where the server app and the
> firewall are running on the same machine.
>
>> Tim

That's easier then - can you have your app issue a netfilter update when it
knows it needs another hold in the firewall (or signal another process to
do so on its behalf)?

Cheers

Tim

Tim Southerwood wrote:

> (E-Mail Removed) coughed up some electrons that declared:
>
>>
>> I only need to support the scenario where the server app and the
>> firewall are running on the same machine.
>>
>>> Tim
>
> That's easier then - can you have your app issue a netfilter update when
> it knows it needs another hold in the firewall (or signal another process
^^^^^
hole

> to do so on its behalf)?
>
> Cheers
>
> Tim

On Jul 13, 5:44 pm, Tim Southerwood <t...@dionic.net> wrote:
> thomas.san...@gmail.com coughed up some electrons that declared:
>
>
>
> > I only need to support the scenario where the server app and the
> > firewall are running on the same machine.
>
> >> Tim
>
> That's easier then - can you have your app issue a netfilter update when it
> knows it needs another hold in the firewall (or signal another process to
> do so on its behalf)?

I can do a minor update to the code base like this but I was hoping I
could get away with changing as little code as possible, I was hoping
this would be a setup issue but if this is the easiest solution then I
can handle that.

thanks

tom

> Cheers
>
> Tim