ip firewalling bug? (2.1.125)

nop@blue.netnation.com
Fri, 6 Nov 1998 02:46:11 -0800 (PST)


I have only tried this in 2.1.125.
No ICMP messages are sent to the sender of a packet when there is a reject
rule for outgoing packets matching that packet:

01:27:10.592720 10.1.1.3.2939 > 1.2.3.4.1234: S 2286262179:2286262179(0) win 31856 <mss 1460,sackOK,timestamp 3398745687[|tcp]> (DF)
01:27:13.591702 10.1.1.3.2939 > 1.2.3.4.1234: S 2286262179:2286262179(0) win 31856 <mss 1460,sackOK,timestamp 3398748759[|tcp]> (DF)

Nov 6 01:27:10 loophole kernel: Packet log: out REJECT ppp0 PROTO=6 x.x.x.x:62881 1.2.3.4:1234 L=60 S=0x00 I=22199 F=0x4000 T=63
Nov 6 01:27:13 loophole kernel: Packet log: out REJECT ppp0 PROTO=6 x.x.x.x:62881 1.2.3.4:1234 L=60 S=0x00 I=22200 F=0x4000 T=63

(I don't think this has to do with ipmasq because it also happens when
trying to connect() from the firewall box)

According to the ipchains manpage:

REJECT means the same as drop, but is more polite and easier to debug,
since an ICMP message is sent back to the sender indicating that the
packet was dropped. (Note that DENY and REJECT are the same for ICMP
packets).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
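The report's evidence is indirect: a second SYN three seconds after the first, with a second REJECT log line for the same flow, means the client never acted on an ICMP error. As an added example (not part of the original post or of the ipchains code), the script below turns that reasoning into a check a firewall admin could run against the kernel's "Packet log:" lines: it parses the ipchains log format shown above and flags any TCP flow that was REJECTed more than once within a short window. The window length, the use of a changing IP ID to confirm a genuine retransmission, and the third sample log line (a single REJECT that should not be flagged) are constructed assumptions; a client that ignores ICMP unreachables would also trip the check, so the result is a hint to go verify with tcpdump, not proof by itself.

```python
"""Parse ipchains 'Packet log:' lines and flag REJECT rules that behave like DENY.

If REJECT really sends an ICMP error, a TCP client in SYN_SENT should give
up after its first rejected SYN. A second REJECT log line for the same
(chain, src, sport, dst, dport) tuple a few seconds later means the SYN was
retransmitted, i.e. the client never saw (or ignored) the ICMP reply.
This is an added example, not code from the original report.
"""
import re
from collections import defaultdict
from datetime import datetime

# Regex for the 2.1.x ipchains log format quoted in the report, e.g.
# "Nov 6 01:27:10 loophole kernel: Packet log: out REJECT ppp0 PROTO=6 x.x.x.x:62881 1.2.3.4:1234 L=60 S=0x00 I=22199 F=0x4000 T=63"
LOG_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[^:\s]+):(?P<sport>\d+) (?P<dst>[^:\s]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) "
    r"F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+)"
)


def parse_line(line):
    """Return a dict for one 'Packet log:' line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        # syslog lines carry no year; strptime defaults to 1900, which is fine
        # for measuring gaps within one log (assumption: all lines are same-day).
        "ts": datetime.strptime(f"{d['month']} {d['day']} {d['time']}", "%b %d %H:%M:%S"),
        "chain": d["chain"], "target": d["target"], "iface": d["iface"],
        "proto": int(d["proto"]), "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
        "ipid": int(d["id"]), "ttl": int(d["ttl"]),
    }


def find_silent_rejects(lines, window=10.0):
    """Return TCP flows that hit a REJECT rule more than once within `window` seconds.

    Only PROTO=6 (TCP) is considered: a UDP retry says nothing about ICMP, and the
    manpage already states that DENY and REJECT are identical for ICMP packets.
    A differing IP ID between the two log lines confirms it is a fresh datagram,
    not a duplicated log entry (constructed heuristic).
    """
    flows = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["target"] != "REJECT" or rec["proto"] != 6:
            continue
        key = (rec["chain"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
        flows[key].append(rec)

    suspicious = []
    for key, recs in flows.items():
        recs.sort(key=lambda r: r["ts"])
        for prev, cur in zip(recs, recs[1:]):
            gap = (cur["ts"] - prev["ts"]).total_seconds()
            if 0 < gap <= window and cur["ipid"] != prev["ipid"]:
                suspicious.append({"flow": key, "retransmit_gap_s": gap, "count": len(recs)})
                break  # one finding per flow is enough
    return suspicious


# Sample input: the two kernel log lines from the report, plus one constructed
# line (x.x.x.x:62882 -> 1.2.3.4:25) with a single REJECT that must NOT be flagged.
SAMPLE_LOG = """\
Nov 6 01:27:10 loophole kernel: Packet log: out REJECT ppp0 PROTO=6 x.x.x.x:62881 1.2.3.4:1234 L=60 S=0x00 I=22199 F=0x4000 T=63
Nov 6 01:27:13 loophole kernel: Packet log: out REJECT ppp0 PROTO=6 x.x.x.x:62881 1.2.3.4:1234 L=60 S=0x00 I=22200 F=0x4000 T=63
Nov 6 01:30:00 loophole kernel: Packet log: out REJECT ppp0 PROTO=6 x.x.x.x:62882 1.2.3.4:25 L=60 S=0x00 I=22250 F=0x4000 T=63
"""

if __name__ == "__main__":
    for hit in find_silent_rejects(SAMPLE_LOG.splitlines()):
        chain, src, sport, dst, dport = hit["flow"]
        print(f"{chain} REJECT {src}:{sport} -> {dst}:{dport}: "
              f"{hit['count']} hits, retransmit after {hit['retransmit_gap_s']}s "
              f"(sender apparently got no ICMP error)")
```

Run it against `grep 'Packet log:' /var/log/messages` output instead of the embedded sample; a clean REJECT rule should yield no findings, while the behaviour described in the report shows up as one line per affected flow.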