[ale] next stupid ipchains question

Wandered Inn esoteric at atlnet.com
Thu Sep 7 16:19:54 EDT 2000


Joe Knapka wrote:
> 
> Wandered Inn wrote:

> > $IPCHAINS -A forward -j ACCEPT
> > $IPCHAINS -A forward -j DENY -l
> >
> > No communication through the router.  No logging at all.
> 
> OK, that means that either:
> 
> (a) packets are being accepted by the first rule, or
> (b) packets are never getting to the forward chain at all.
> 
> Since it works with -j MASQ I'd say (b) is not the
> case, so the firewall is accepting the packet but some other
> factor is preventing communication. You can confirm that by
> adding -l to the first rule to log that packets are
> being accepted.

Okay, this doesn't really tell me anything, but I took the above
scenario and added logging to the first chain (ACCEPT).  If I attempt to
telnet to a machine from net_2 to net_1 now I can't get there but I do
see the following being logged:

Sep  7 11:21:47 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 192.168.255.253:2084 192.168.10.215:23 L=60 S=0x00 I=60339 F=0x4000 T=63 SYN (#1)

So the first chain is processing the telnet request, but I'm not getting
through.  I guess I should try this and stick a sniffer on the interface
that connects this router to the other network to see if anything is
getting that far.



--
Until later: Geoffrey		esoteric at denali.atlnet.com

Microsoft != Innovation
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
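As an added example (not code from the post or the list), a parser for the ipchains kernel "Packet log:" line format quoted above, with a check that follows the diagnosis in the thread: a SYN accepted by the forward chain that never produces a logged packet back from the peer. The first sample line is the one from the post; the other two, the host names and the field semantics of F= (IP flags/fragment word) are constructed assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Field order of the ipchains (Linux 2.2) kernel "Packet log:" line quoted in the post:
# chain verdict iface PROTO=n src:sport dst:dport L=len S=tos I=id F=frag T=ttl [SYN] (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<id>\d+) F=0x(?P<frag>[0-9A-Fa-f]+) "
    r"T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

def parse_packet_log(line: str) -> Optional[Dict]:
    """Parse one syslog line into a dict; None if it is not an ipchains packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    frag = int(m["frag"], 16)  # raw IP frag_off word: DF=0x4000, MF=0x2000, low 13 bits = offset/8
    return {
        "chain": m["chain"], "verdict": m["verdict"], "iface": m["iface"],
        "proto": int(m["proto"]),  # 6 = TCP; for ICMP the two "ports" are type and code
        "src": m["src"], "sport": int(m["sport"]), "dst": m["dst"], "dport": int(m["dport"]),
        "len": int(m["len"]), "tos": int(m["tos"], 16), "id": int(m["id"]), "ttl": int(m["ttl"]),
        "df": bool(frag & 0x4000), "mf": bool(frag & 0x2000), "frag_offset": (frag & 0x1FFF) * 8,
        "syn": m["syn"] is not None, "rule": int(m["rule"]),
    }

def unanswered_attempts(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Connection attempts (SYN) accepted by the forward chain with no packet logged back
    from the peer. With -l on the forward ACCEPT rule a reply would be logged on its way
    back too, so a silent attempt points past the firewall (routing, the far host)."""
    logs = [p for p in map(parse_packet_log, lines)
            if p and p["chain"] == "forward" and p["verdict"] == "ACCEPT"]
    pairs = {(p["src"], p["dst"]) for p in logs}
    return sorted({(p["src"], p["dst"], p["dport"]) for p in logs
                   if p["syn"] and (p["dst"], p["src"]) not in pairs})

# Constructed sample: the line from the post, plus two constructed lines for a
# connection that did get a reply (the reply carries no SYN marker).
SAMPLE_LOG = [
    "Sep  7 11:21:47 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 192.168.255.253:2084 192.168.10.215:23 L=60 S=0x00 I=60339 F=0x4000 T=63 SYN (#1)",
    "Sep  7 11:22:03 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 192.168.255.253:2085 192.168.10.1:22 L=60 S=0x00 I=60340 F=0x4000 T=63 SYN (#1)",
    "Sep  7 11:22:03 b kernel: Packet log: forward ACCEPT eth1 PROTO=6 192.168.10.1:22 192.168.255.253:2085 L=60 S=0x00 I=0 F=0x4000 T=63 (#1)",
]
```

Running `unanswered_attempts(SAMPLE_LOG)` reports only the telnet attempt from the post, the case where the sniffer on the far interface is the next step.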