[ale] Elusive ipchains issue (Long)
Joe Steele
joe at madewell.com
Thu Jul 5 20:12:20 EDT 2001
Among your input rules is one which accepts packets whose
destination is 208.32.175.148, port 9100. Also among your
input rules is the following which has denied 57 packets
whose destination was not 208.32.175.148:
    57 40540 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 !208.32.175.148 n/a
Also, this appears to be one of the few places where
incoming TCP SYN packets are not logged.
It's just a guess, but could it be that this box has more than
one interface and that packets coming from home are addressed
to the interface whose IP is 208.32.175.148, but packets from
elsewhere are addressed to an interface with a different IP?
As for the opts flags, I don't have any docs handy to check,
but I believe (someone can correct me if I'm wrong):
y = 'match a TCP SYN flag',
l = 'log packets which match', and
!y = 'match packets without a TCP SYN flag'.
--Joe
-----Original Message-----
From: Howard Fore [SMTP:me at hofo.com]
Sent: Thursday, July 05, 2001 3:45 PM
To: ale at ale.org
Subject: [ale] Elusive ipchains issue (Long)
Hi,
I've got a SuSE 7.2 machine with ipchains and a mail server on it at a
local ISP. The mail server has an HTTPS webmail interface running on port
9100. I used the SuSEfirewall script to configure ipchains. From my
home, selected as a trusted network, I can connect to the webmail
interface. From anywhere else, all requests to 9100 go into a black
hole. They don't even show up on the log as denied! The only thing I can
figure is that something is funky in the chain, but it looks ok to me
(but then again I haven't done this too often). Any ideas? Here's the
dump of the chains (ipchains -L -nv):
And on a related note, what's the format of the "opt" column in this
listing? I can't find that anywhere...
Thanks.
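Added example, not part of the original thread: a small Python check that scans an "ipchains -L -nv" listing for DENY/REJECT rules that have matched packets but carry no log flag, which is the "black hole" symptom discussed above. It assumes the column order of the one rule quoted in the reply and the y / l / !y meanings as Joe recalled them; every sample row except that quoted rule is constructed.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    pkts: int
    target: str
    opt: str
    source: str
    destination: str
    ports: str

def parse_rule(line: str) -> Optional[Rule]:
    """Parse one rule row; return None for chain/column headers and blanks."""
    f = line.split()
    if len(f) < 11 or not f[0].isdigit():
        return None
    # Ports can span several tokens ("* -> 9100"), so rejoin the tail.
    return Rule(int(f[0]), f[2], f[4], f[8], f[9], " ".join(f[10:]))

def describe_opt(opt: str):
    """Return (syn_match, logged), using the flag meanings given in the reply."""
    if "!y" in opt:
        syn = "non-SYN only"
    elif "y" in opt:
        syn = "SYN only"
    else:
        syn = "any"
    return syn, "l" in opt

def silent_drops(listing: str):
    """Rules that have dropped packets but have no 'l' (log) flag set."""
    rules = filter(None, map(parse_rule, listing.splitlines()))
    return [r for r in rules
            if r.target in ("DENY", "REJECT") and r.pkts > 0
            and not describe_opt(r.opt)[1]]

# Constructed listing; only the second rule row is quoted from the thread.
SAMPLE = """\
Chain input (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opt    tosa tosx ifname source    destination     ports
   12   720 ACCEPT tcp  ------ 0xFF 0x00 *      0.0.0.0/0 208.32.175.148  * -> 9100
   57 40540 DENY   all  ------ 0xFF 0x00 *      0.0.0.0/0 !208.32.175.148 n/a
    3   180 DENY   tcp  -y--l- 0xFF 0x00 *      0.0.0.0/0 0.0.0.0/0       * -> *
"""

if __name__ == "__main__":
    for r in silent_drops(SAMPLE):
        print(f"{r.pkts} packets dropped without logging: "
              f"{r.source} -> {r.destination} ({r.ports})")
```

A rule reported here explains traffic that vanishes without a log entry; comparing its destination with the address the clients actually connect to tests the multiple-interface guess in the reply.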