[ale] next stupid ipchains question
- Subject: [ale] next stupid ipchains question
- From: esoteric at atlnet.com (Wandered Inn)
- Date: Thu, 07 Sep 2000 16:19:54 -0400
Joe Knapka wrote:
>
> Wandered Inn wrote:
> > $IPCHAINS -A forward -j ACCEPT
> > $IPCHAINS -A forward -j DENY -l
> >
> > No communication through the router. No logging at all.
>
> OK, that means that either:
>
> (a) packets are being accepted by the first rule, or
> (b) packets are never getting to the forward chain at all.
>
> Since it works with -j MASQ I'd say (b) is not the
> case, so the firewall is accepting the packet but some other
> factor is preventing communication. You can confirm that by
> adding -l to the first rule to log that packets are
> being accepted.
Okay, this doesn't really tell me anything, but I took the above
scenario and added logging to the first chain (ACCEPT). If I attempt to
telnet to a machine from net_2 to net_1 now I can't get there but I do
see the following being logged:
Sep 7 11:21:47 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 192.168.255.253:2084 192.168.10.215:23 L=60 S=0x00 I=60339 F=0x4000 T=63 SYN (#1)
So the first chain is processing the telnet request, but I'm not getting
through. I guess I should try this and stick a sniffer on the interface
that connects this router to the other network to see if anything is
getting that far.
--
Until later: Geoffrey esoteric at denali.atlnet.com
Microsoft != Innovation
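An added example, not part of the thread, that decodes ipchains "Packet log:" kernel lines like the one quoted above so the verdict, interface and rule number can be read off mechanically. The sample lines are constructed (the ACCEPT line is the one from the post rejoined; the DENY line is invented to show what the -l on the second rule would produce), and the field names used here are my own labels for the ipchains log layout.

```python
import re

# Constructed samples: the ACCEPT line quoted in the post, plus an invented
# DENY line of the form the "-j DENY -l" rule would have logged.
SAMPLE_ACCEPT = ("Sep 7 11:21:47 b kernel: Packet log: forward ACCEPT eth0 PROTO=6 "
                 "192.168.255.253:2084 192.168.10.215:23 L=60 S=0x00 I=60339 "
                 "F=0x4000 T=63 SYN (#1)")
SAMPLE_DENY = ("Sep 7 11:22:03 b kernel: Packet log: forward DENY eth0 PROTO=17 "
               "192.168.255.253:1030 192.168.10.215:53 L=64 S=0x00 I=60340 "
               "F=0x0000 T=63 (#2)")

# chain verdict iface PROTO=n src:sport dst:dport L=len S=tos I=ipid F=frag T=ttl [SYN] (#rule)
_LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<ipid>\d+) "
    r"F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

def parse_ipchains_log(line):
    """Return a dict of the logged fields, or None if the line is not an ipchains log."""
    m = _LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "chain": d["chain"], "verdict": d["verdict"], "iface": d["iface"],
        "proto": int(d["proto"]),
        "src": (d["src"], int(d["sport"])), "dst": (d["dst"], int(d["dport"])),
        "len": int(d["length"]), "tos": int(d["tos"], 16), "ipid": int(d["ipid"]),
        "df": bool(int(d["frag"], 16) & 0x4000),   # IP Don't-Fragment bit of the frag field
        "ttl": int(d["ttl"]), "syn": d["syn"] is not None, "rule": int(d["rule"]),
    }

def explain(rec):
    """One-line reading of where the packet stood when the kernel logged it."""
    flow = f"{rec['src'][0]}:{rec['src'][1]} -> {rec['dst'][0]}:{rec['dst'][1]} proto {rec['proto']}"
    where = f"{rec['chain']} chain rule #{rec['rule']} on {rec['iface']}"
    if rec["chain"] == "forward" and rec["verdict"] == "ACCEPT":
        # The filter let it through; whatever blocks the session is past the chain.
        return f"{flow}: {where} ACCEPT (SYN={rec['syn']}); filter is not the blocker"
    return f"{flow}: {where} {rec['verdict']}"

if __name__ == "__main__":
    for line in (SAMPLE_ACCEPT, SAMPLE_DENY):
        print(explain(parse_ipchains_log(line)))
```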