[ale] IPCHAINS: how to allow rsh from Linux to a SCO openserver 5 server

Jerry Z. Yu z.yu at ptek.com
Wed Feb 7 13:40:27 EST 2001


Greetings all,

I tried to configure ipchains on a Linux box 'linux.box' to allow rsh to a
SCO OpenServer 5, sco5.box.

Chain input (policy DENY):
ACCEPT     tcp  !y----  sco5.box  anywhere shell ->   any
ACCEPT     tcp  !y----  sco5.box  anywhere login ->   any
Chain output (policy ACCEPT):

However, I cannot get through. Logging after those two ACCEPT shows
sco5.box is sending linux.box a SYN packet, and to port 1022 or 1021???!!

Feb  7 13:28:27 linux.box kernel: Packet log: input - eth0 PROTO=6
sco.box.ip:1022 linux.box.ip:1022 L=44 S=0x00 I=54479 F=0x0000 T=64 SYN (#18)
Feb  7 13:28:27 linux.box kernel: Packet log: input - eth0 PROTO=6
sco.box.ip:1022 linux.box.ip:1022 L=44 S=0x00 I=54479 F=0x0000 T=64 SYN (#18)

Testing 'rsh' with another Linux box will establish an rsh session successfully
and use the correct port as shown by 'netstat -t'. If I do without
restricting ports on linux.box, it will allow me to connect as well.

tcp        0      0 another.linux.box:1017  sco5.box:login ESTABLISHED

I started to doubt my understanding of how rsh/rlogin works....

Any idea?

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
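
Added example, not part of the original post: a small Python parser for the ipchains packet-log lines quoted above. It checks each packet against the two posted ACCEPT rules and labels server-initiated SYNs between reserved ports. It assumes the standard rcmd(3) behaviour that rsh relies on (the client listens on a second reserved port for stderr and rshd connects back to it); the function names and the 512-1023 range check are choices made for this example.

```python
import re

SHELL, LOGIN = 514, 513          # /etc/services: shell (rsh), login (rlogin)
RESVPORTS = range(512, 1024)     # assumed range used by rresvport(3)

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=\d+ S=\S+ I=\d+ F=\S+ T=\d+ (?P<syn>SYN )?\(#(?P<rule>\d+)\)"
)

# Log excerpt from the post, still wrapped as the mail client left it.
SAMPLE = """\
Feb  7 13:28:27 linux.box kernel: Packet log: input - eth0 PROTO=6
sco.box.ip:1022 linux.box.ip:1022 L=44 S=0x00 I=54479 F=0x0000 T=64 SYN (#18)
"""

def rejoin(text):
    """Glue mail-wrapped continuation lines back onto their 'Packet log:' line."""
    out = []
    for line in text.splitlines():
        if "Packet log:" in line or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def parse(line):
    """Return the logged packet as a dict, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    pkt = m.groupdict()
    for k in ("proto", "sport", "dport", "rule"):
        pkt[k] = int(pkt[k])
    pkt["syn"] = pkt["syn"] is not None
    return pkt

def matches_posted_accept(pkt):
    """The two input rules in the post: tcp, !y (not a SYN), source port shell or login."""
    return pkt["proto"] == 6 and not pkt["syn"] and pkt["sport"] in (SHELL, LOGIN)

def classify(pkt):
    if matches_posted_accept(pkt):
        return "accepted"
    if pkt["syn"] and pkt["sport"] in RESVPORTS and pkt["dport"] in RESVPORTS:
        return "rsh-stderr-callback"   # server-initiated secondary connection
    return "unmatched"

if __name__ == "__main__":
    for line in rejoin(SAMPLE):
        pkt = parse(line)
        print(pkt["src"], pkt["sport"], "->", pkt["dport"], classify(pkt))
```

The logged packet is a new inbound connection, so the `!y` rules keyed on source ports shell and login never match it and the DENY policy applies.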