[ale] Elusive ipchains issue (Long)
Howard Fore
me at hofo.com
Fri Jul 6 11:05:50 EDT 2001
Unfortunately, no. There's only one NIC in the machine.
Hwrd
On 7/5/01 8:12 PM, "Joe Steele" <joe at madewell.com> wrote:
> Among your input rules is one which accepts packets whose
> destination is 208.32.175.148, port 9100. Also among your
> input rules is the following which has denied 57 packets
> whose destination was not 208.32.175.148:
>
> 57 40540 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 !208.32.175.148 n/a
>
> Also, this appears to be one of the few places where
> incoming TCP SYN packets are not logged.
>
> It's just a guess, but could it be that this box has more than
> one interface and that packets coming from home are addressed
> to the interface whose IP is 208.32.175.148, but packets from
> elsewhere are addressed to an interface with a different IP?
>
> As for the opts flags, I don't have any docs handy to check,
> but I believe (someone can correct me if I'm wrong):
>
> y = 'match a TCP SYN flag',
> l = 'log packets which match', and
> !y = 'match packets without a TCP SYN flag'.
>
> --Joe
>
> -----Original Message-----
> From: Howard Fore [SMTP:me at hofo.com]
> Sent: Thursday, July 05, 2001 3:45 PM
> To: ale at ale.org
> Subject: [ale] Elusive ipchains issue (Long)
>
> Hi,
>
> I've got a SuSE 7.2 machine with ipchains and a mail server on it at a
> local ISP. The mail server has an HTTPS webmail interface running on port
> 9100. I used the SuSEfirewall script to configure ipchains. From my
> home, selected as a trusted network, I can connect to the webmail
> interface. From anywhere else, all requests to 9100 go into a black
> hole. They don't even show up on the log as denied! The only thing I can
> figure is that something is funky in the chain, but it looks ok to me
> (but then again I haven't done this too often). Any ideas? Here's the
> dump of the chains (ipchains -L -nv):
>
> And on a related note, what's the format of the "opt" column in this
> listing? I can't find that anywhere...
>
> Thanks.
>
>
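Added example, not part of the original messages: a small Python check that parses the one rule row quoted in the reply and shows which destinations it denies and whether the hit would be logged. The column names, the helper names and the sample addresses are assumptions made for this illustration, and the meaning of "l" in the opt column is taken from the reply's own guess.

```python
import ipaddress

# Constructed from the one rule row quoted in the thread (ipchains -L -nv,
# whitespace-collapsed; the empty mark/outsize columns are absent).
RULE_ROW = "57 40540 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 !208.32.175.148 n/a"
# Column names are an assumption for this example.
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "tosa", "tosx",
          "ifname", "source", "destination", "ports")

def parse_row(row):
    """Split one rule row into named fields."""
    parts = row.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}")
    rule = dict(zip(FIELDS, parts))
    # Assumption taken from the reply: an 'l' in opt means matches are logged.
    rule["logged"] = "l" in rule["opt"]
    return rule

def addr_matches(spec, ip):
    """Match an address against a spec such as 0.0.0.0/0 or !208.32.175.148."""
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    hit = ipaddress.ip_address(ip) in net
    return hit != negate  # a leading '!' inverts the result

def verdict(rule, src, dst):
    """Return (target, logged) if the rule matches the packet, else None."""
    if rule["prot"] != "all":
        return None  # this sketch only handles protocol-agnostic rules
    if addr_matches(rule["source"], src) and addr_matches(rule["destination"], dst):
        return rule["target"], rule["logged"]
    return None

if __name__ == "__main__":
    rule = parse_row(RULE_ROW)
    # 192.0.2.10 and 10.0.0.5 are constructed sample addresses.
    for dst in ("208.32.175.148", "10.0.0.5"):
        print(dst, "->", verdict(rule, "192.0.2.10", dst))
```

A packet addressed to 208.32.175.148 falls through this rule to later ones, while a packet to any other destination is denied here with no log entry, which is consistent with drops that never appear in the log.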