IP Tables connection tracking for saned?
Matthew Saltzman
mjs at CLEMSON.EDU
Thu Oct 11 16:24:04 UTC 2007
On Thu, 2007-10-11 at 10:01 -0400, Tony Nelson wrote:
> At 3:39 AM +0000 10/11/07, Matthew Saltzman wrote:
> >I'm trying to get my scanner running as a network service so remote
> >machines can use it, but I've run into a snag. So my questions:
> >
> >- Does anyone have a good HOWTO for this?
> >
> >- In particular, there seems to be a connection tracker module for sane,
> >but if I add ip_conntrack_sane to the modules list in
> >/etc/sysconfig/iptables-config, the modules fail to load when I restart
> >iptables. What am I missing as far as that step?
>
> Do you have any evidence that ip_conntrack_sane exists? The only mention
> on Google is someone who couldn't find it (if I made sense of the
> translation from Chinese).
I'm not even sure where to look. ip_conntrack_netbios_ns and
ip_conntrack_amanda load fine. The only files with similar names I can
find are
/lib/modules/<version>/kernel/net/netfilter/nf_conntrack_netbios_ns.ko
and /lib/modules/<version>/kernel/net/netfilter/nf_conntrack_amanda.ko,
but there is
a /lib/modules/<version>/kernel/net/netfilter/nf_conntrack_sane.ko. So
if those files are related to those modules, the answer should be yes.
If not, then I really don't understand how the iptables modules thing
works at all.
>
> I see a hack using ipt_recent. Eww.
>
> You could always roll your own from the other examples. (I wonder if there
> is a configurable conntrack module? It seems that there could be, but I'd
> have to read the various modules to be sure.)
I could also just take down the firewall (or open all unprivileged
ports), but I was hoping not to have to do anything that drastic.
>
>
> >- Is there a way to get a Windows client to use a scanner served by a
> >Linux machine over the net?
>
> Googling makes me think "yes, of course", but I haven't tried it.
Thanks.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
More information about the fedora-list
mailing list