Ok...

I am having trouble with a certain concept inherent in ipchains...

Now If I want to allow anyone in the world to access a certain service via a certain port, which one of these rules do I implement?


1)

ipchains -A input -d myipaddress --dport myport -p tcp -j ACCEPT

which comes out as

ACCEPT tcp ------ anywhere myipaddress any -> myport

2)

ipchains -A input -d myipaddress --sport myport -p tcp -j ACCEPT

which comes out as

ACCEPT tcp ------ anywhere myipaddress myport -> any

3)

ipchains -A input -d myipaddress --dport myport --sport myport -p tcp -j ACCEPT

which comes out as

ACCEPT tcp ------ anywhere myipaddress myport -> myport



My best guess is to use the first example...

am I wrong?

the ports in question are generic such as smtp, http, domain, auth, https, etc....

do certain services initiate connections on certain ports (source or destination) and then later change them after a connection has been established?

basically, will said service that is supposed to operate on port X always use port X as it's source and destination port portion of it's transmitted packets?

am I making since? am I thinking about this too hard to the point where I have convoluted the fundamental concept?

any help you can offer is appreciated!

Rule no 1 is the correct one. When someone is connecting to your service, the person is connecting to a certain port, but you don't know which port will this person use (source side). For example, when somone connects to your www server it may be that the person connects from port 1245 (to your port 80) and then, a second try, from the port 1267.

awesome... this was my assumption...