[ale] next stupid ipchains question
Wandered Inn
esoteric at atlnet.com
Thu Sep 7 16:19:54 EDT 2000
Joe Knapka wrote:
>
> Wandered Inn wrote:
> > $IPCHAINS -A forward -j ACCEPT
> > $IPCHAINS -A forward -j DENY -l
> >
> > No communication through the router. No logging at all.
>
> OK, that means that either:
>
> (a) packets are being accepted by the first rule, or
> (b) packets are never getting to the forward chain at all.
>
> Since it works with -j MASQ I'd say (b) is not the
> case, so the firewall is accepting the packet but some other
> factor is preventing communication. You can confirm that by
> adding -l to the first rule to log that packets are
> being accepted.
Okay, this doesn't really tell me anything, but I took the above
scenario and added logging to the first chain (ACCEPT). If I attempt to
telnet to a machine from net_2 to net_1 now I can't get there but I do
see the following being logged:
Sep 7 11:21:47 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 192.168.255.253:2084 192.168.10.215:23 L=60 S=0x00 I=60339 F=0x4000 T=63 SYN (#1)
So the first chain is processing the telnet request, but I'm not getting
through. I guess I should try this and stick a sniffer on the interface
that connects this router to the other network to see if anything is
getting that far.
--
Until later: Geoffrey esoteric at denali.atlnet.com
Microsoft != Innovation
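Added example, not part of the original thread: a small parser for the ipchains "Packet log:" line format quoted above, plus the check Joe's reasoning implies (did the forward chain ACCEPT the SYN, in which case the rules are not what blocks the telnet). The sample log is constructed: the first line is the entry from the post, the other two are made up in the same format.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the entry quoted in the post; lines 2-3 are made up
# in the same format (a SYN retry, and a UDP packet hitting the catch-all DENY rule).
SAMPLE_LOG = """\
Sep 7 11:21:47 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 192.168.255.253:2084 192.168.10.215:23 L=60 S=0x00 I=60339 F=0x4000 T=63 SYN (#1)
Sep 7 11:21:50 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 192.168.255.253:2084 192.168.10.215:23 L=60 S=0x00 I=60340 F=0x4000 T=63 SYN (#1)
Sep 7 11:22:03 b kernel: Packet log: forward DENY eth0 PROTO=17 192.168.255.253:1034 192.168.10.215:53 L=60 S=0x00 I=60400 F=0x4000 T=63 (#2)
"""

# Field layout of a TCP/UDP "Packet log:" entry as it appears in the post:
#   <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
#   L=<len> S=<tos> I=<ipid> F=<frag> T=<ttl> [SYN] (#<rule>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) F=0x(?P<frag>[0-9a-fA-F]+) "
    r"T=(?P<ttl>\d+)(?P<flags>(?: SYN)?) \(#(?P<rule>\d+)\)"
)


def parse_packet_log(line):
    """Return the fields of one Packet log entry as a dict, or None for other lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "chain": d["chain"], "target": d["target"], "iface": d["iface"],
        "proto": int(d["proto"]),
        "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
        "len": int(d["len"]), "ttl": int(d["ttl"]),
        "syn": d["flags"].strip() == "SYN",  # only set on TCP SYN packets
        "rule": int(d["rule"]),              # rule number within the chain
    }


def verdicts(log_text):
    """Count (chain, target) pairs so you can see which rule actually fired."""
    counts = Counter()
    for entry in map(parse_packet_log, log_text.splitlines()):
        if entry:
            counts[(entry["chain"], entry["target"])] += 1
    return counts


def forward_accepted_syn(log_text, dst, dport):
    """True if the forward chain ACCEPTed a TCP SYN to dst:dport. If so, the
    ruleset passed the connection attempt and the fault lies beyond ipchains
    (routing, the next hop, or the target host), which is Joe's point above."""
    return any(
        e["chain"] == "forward" and e["target"] == "ACCEPT" and e["syn"]
        and e["dst"] == dst and e["dport"] == dport
        for e in map(parse_packet_log, log_text.splitlines()) if e
    )
```

Run it over the router's syslog with the logged ACCEPT rule in place; a logged forward ACCEPT for the SYN with no reply traffic points at the sniffer step Geoffrey mentions rather than at the chains.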