[ale] next stupid ipchains question

Wandered Inn esoteric at atlnet.com
Thu Sep 7 19:39:09 EDT 2000


Joe Knapka wrote:

> It may be useful to add a logging rule to firewall_a's input chain
> to see if anything is getting that far.

Well, I'm on to something here.  I changed the forward rule on the
router from MASQ to ACCEPT.  I then stuck a sniffer on the interface of
one machine on net_1.  I then attempted to telnet from net_2 machine to
the machine with the sniffer.  Things are getting through the router to
the sniffed interface, but I don't know why things aren't normal.  I'm
not up on deciphering sniffer data, even as pretty as Ethereal makes
it.  Any suggestions will be greatly appreciated, while I dig into what
all this is supposed to be telling me.  Here's the output from the
sniffer:

   No. Time        Source              Destination         Protocol  Info
     1 0.000000    denali.home.edu     a.dmz.edu           TCP       2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
     2 2.999825    denali.home.edu     a.dmz.edu           TCP       2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
     3 4.998166    00:a0:cc:63:57:dd   00:20:78:02:71:d2   ARP       Who has 192.168.10.215?  Tell 192.168.10.220
     4 4.998283    00:20:78:02:71:d2   00:a0:cc:63:57:dd   ARP       192.168.10.215 is at 00:20:78:02:71:d2
     5 9.000733    denali.home.edu     a.dmz.edu           TCP       2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
     6 21.002630   denali.home.edu     a.dmz.edu           TCP       2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
     7 45.006437   denali.home.edu     a.dmz.edu           TCP       2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
     8 93.014173   denali.home.edu     a.dmz.edu           TCP       2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
     9 98.006034   00:a0:cc:63:57:dd   00:20:78:02:71:d2   ARP       Who has 192.168.10.215?  Tell 192.168.10.220
    10 98.006149   00:20:78:02:71:d2   00:a0:cc:63:57:dd   ARP       192.168.10.215 is at 00:20:78:02:71:d2
    11 189.029306  denali.home.edu     a.dmz.edu           TCP       2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
    12 194.024483  00:a0:cc:63:57:dd   00:20:78:02:71:d2   ARP       Who has 192.168.10.215?  Tell 192.168.10.220
    13 194.024600  00:20:78:02:71:d2   00:a0:cc:63:57:dd   ARP       192.168.10.215 is at 00:20:78:02:71:d2

> 
> -- Joe
> 
> *** Joseph Knapka ***
> In any formula, constants (especially those obtained from handbooks)
> are to be treated as variables.
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

--
Until later: Geoffrey		esoteric at denali.atlnet.com

Microsoft != Innovation
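
Added example, not part of the original message: a short Python script that reads the summary rows of the capture above and lists every TCP SYN that never received a SYN-ACK on the sniffed interface, with the gaps between its retransmissions. It assumes each wrapped row has been joined onto one line; the `[SYN, ACK]` flag spelling for a reply is an assumption, since the capture contains none.

```python
import re

# Summary rows taken from the capture in the message, each wrapped row joined
# onto one line (ARP rows 9, 10, 12 and 13 left out for brevity).
CAPTURE = """\
1 0.000000 denali.home.edu a.dmz.edu TCP 2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
2 2.999825 denali.home.edu a.dmz.edu TCP 2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
3 4.998166 00:a0:cc:63:57:dd 00:20:78:02:71:d2 ARP Who has 192.168.10.215?  Tell 192.168.10.220
4 4.998283 00:20:78:02:71:d2 00:a0:cc:63:57:dd ARP 192.168.10.215 is at 00:20:78:02:71:d2
5 9.000733 denali.home.edu a.dmz.edu TCP 2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
6 21.002630 denali.home.edu a.dmz.edu TCP 2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
7 45.006437 denali.home.edu a.dmz.edu TCP 2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
8 93.014173 denali.home.edu a.dmz.edu TCP 2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
11 189.029306 denali.home.edu a.dmz.edu TCP 2130 > telnet [SYN] Seq=502284224 Ack=0 Win=32120
"""

# No., Time, Source, Destination, then "sport > dport [FLAGS] Seq=n" for TCP rows.
ROW = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+TCP\s+"
                 r"(\S+) > (\S+) \[([^\]]+)\] Seq=(\d+)")

def unanswered_syns(text):
    """Map (src, sport, dst, dport, seq) -> send times for SYNs with no SYN-ACK."""
    flows, answered = {}, set()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # ARP and any other non-TCP row
        _, t, src, dst, sport, dport, flags, seq = m.groups()
        flagset = {f.strip() for f in flags.split(",")}
        if flagset == {"SYN"}:
            flows.setdefault((src, sport, dst, dport, seq), []).append(float(t))
        elif {"SYN", "ACK"} <= flagset:
            # A reply travels the other way, so store it in the SYN's direction.
            answered.add((dst, dport, src, sport))
    return {k: v for k, v in flows.items() if k[:4] not in answered}

def retransmit_gaps(times):
    """Whole-second gaps between successive copies of the same SYN."""
    return [round(b - a) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for (src, sport, dst, dport, seq), times in unanswered_syns(CAPTURE).items():
        print(f"{src}:{sport} -> {dst}:{dport} seq={seq}: {len(times)} SYNs, "
              f"no SYN-ACK seen, gaps {retransmit_gaps(times)} s")
```
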