Re: iptables in 2.4.10, 2.4.11pre6 problems

From: Wilson (defiler@null.net)
Date: Tue Oct 09 2001 - 12:40:59 EST


----- Original Message -----
From: "Trever L. Adams" <trever_adams@yahoo.com>
To: "Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>

> I am seeing messages such as:
>
> Oct 9 12:52:51 smeagol kernel: Firewall:IN=ppp0 OUT= MAC=
> SRC=64.152.2.36 DST=MY_IP_ADDRESS LEN=52 TOS=0x00 PREC=0x00 TTL=246
> ID=1093 DF PROTO=TCP SPT=80 DPT=33157 WINDOW=34752 RES=0x00 ACK FIN
> URGP=0
>
> In my firewall logs. I see them for ACK RST as well. These are valid
> connections. My rules follow for the most part (a few allowed
> connections to the machine in question have been removed from the
> list). This often leaves open connections in a half closed state on
> machines behind this firewall. It also some times kills totally open
> connections and I see packets rejected that should be allowed through.

This is someone on the outside scanning you for Back Orifice. I don't
understand why this is supposed to be a valid connection.
>From your iptables output, it looks like your rules are working properly.
(They aren't set up exactly how I would have done it, but it's all a matter
of style.)
Can you give a more specific example of something that it being DROPped when
it shouldn't be?

--Wilson.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Oct 15 2001 - 21:00:26 EST