Re: IP Tables connection tracking for saned?

On Thu, 2007-10-11 at 10:01 -0400, Tony Nelson wrote:
> At 3:39 AM +0000 10/11/07, Matthew Saltzman wrote:
> >I'm trying to get my scanner running as a network service so remote
> >machines can use it, but I've run into a snag.  So my questions:
> >
> >- Does anyone have a good HOWTO for this?
> >
> >- In particular, there seems to be a connection tracker module for sane,
> >but if I add ip_conntrack_sane to the modules list in
> >/etc/sysconfig/iptables-config, the modules fail to load when I restart
> >iptables.  What am I missing as far as that step?
>
> Do you have any evidence that ip_conntrack_sane exists?  The only mention
> on Google is someone who couldn't find it (if I made sense of the
> translation from Chinese).

I'm not even sure where to look.  ip_conntrack_netbios_ns and
ip_conntrack_amanda load fine.  The only files with similar names I can
find are
and /lib/modules/<version>/kernel/net/netfilter/nf_conntrack_amanda.ko,
but there is
a /lib/modules/<version>/kernel/net/netfilter/nf_conntrack_sane.ko.  So
if those files are related to those modules, the answer should be yes.

If not, then I really don't understand how the iptables modules thing
works at all.

> I see a hack using ipt_recent.  Eww.
> You could always roll your own from the other examples.  (I wonder if there
> is a configurable conntrack module?  It seems that there could be, but I'd
> have to read the various modules to be sure.)

I could also just take down the firewall (or open all unprivileged
ports), but I was hoping not to have to do anything that drastic.

> >- Is there a way to get a Windows client to use a scanner served by a
> >Linux machine over the net?
>
> Googling makes me think "yes, of course", but I haven't tried it.

                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu

