[ale] new to IPTABLES

Keith Hopkins hne at inetnow.net
Sat Jan 12 07:36:32 EST 2002


Dean wrote:

> I'm kind of new to IPTABLES.  My boss pointed me to a firewall and said 
> fix it. Well I'm kind of stuck.  The firewall is constructed on linux 
> 7.1 kernel 2.4.2-2. It seems like no matter how simple the rule is 
> that I put in the firewall script I get no response. The script runs 
> without errors. I flushed the firewall before every build and ran the 
> zero function.  The best response I get is that if I apply the rules,
First, and this is just a pet peeve of mine... There is no such thing as Linux 7.1.  There is a RedHat 7.1 and a SuSE 7.1 distribution of Linux, but no v7.1 of Linux itself.


> /sbin/iptables -A INPUT   -s 0/0 -p tcp --dport 23:23     -j DROP
> /sbin/iptables -A INPUT   -s 0/0 -p tcp --sport 23:23     -j DROP
>
> the firewall will timeout trying to connect, I would expect to get a 
> connection refused message.  If I remove the rule I get right in.  I 
> also applied a simple HOST forwarding rule that should forward the 
> incoming telnet connection to an internal server.  When I execute this 
> script I get the same thing... Timeout while trying to connect. I can 
> telnet to the server fine from the internal network.  I'm not sure what 
> to try next?  Any help is appreciated.

Your expectation is wrong.  You are getting timeouts, as opposed to connection refused, because you are dropping the packets with these rules.  If you need a connection refused message, then you can't drop the packets, but you must reply to them with a refusal message.

Lost in Tokyo,
   Keith
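To make the DROP-versus-refusal distinction concrete, here is an added example script (not from either message in this thread) that builds the two kinds of rule for inbound telnet on TCP/23: the DROP rule from the question, under which the client waits until it times out, and a REJECT rule that answers with a TCP RST so the client sees "Connection refused" at once. The function names telnet_rule and apply_telnet_rule are assumptions for this example; applying the rules needs root on a kernel whose iptables has the REJECT target.

```sh
#!/bin/sh
# Added example: silently dropping vs actively refusing inbound telnet.
# Constructed for illustration; not part of the original thread.

# Build the iptables argument list for refusing a TCP port either
# silently (DROP: the client gets no answer and times out) or actively
# (REJECT with a TCP RST: the client gets "Connection refused").
telnet_rule() {
    mode="$1"   # "drop" or "reject"
    port="$2"   # destination port, e.g. 23
    case "$mode" in
        drop)   echo "-A INPUT -p tcp --dport $port -j DROP" ;;
        reject) echo "-A INPUT -p tcp --dport $port -j REJECT --reject-with tcp-reset" ;;
        *)      echo "telnet_rule: unknown mode '$mode'" >&2; return 1 ;;
    esac
}

# Apply the chosen rule to the INPUT chain. Run only as root on a
# firewall you administer; it is not invoked automatically by this script.
apply_telnet_rule() {
    mode="$1"
    port="${2:-23}"
    /sbin/iptables -F INPUT                       # start from a clean chain
    /sbin/iptables $(telnet_rule "$mode" "$port") # add the DROP or REJECT rule
    /sbin/iptables -L INPUT -n -v                 # show the rule and its counters
}

# Usage (as root):  apply_telnet_rule reject 23
```

Watching the packet counters from `iptables -L INPUT -n -v` while a client connects confirms which rule is actually matching.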

