[Gllug] Sendmail, Firewalls, SSL...

tet at accucard.com tet at accucard.com
Tue Jun 25 10:56:40 UTC 2002


> Issue 2: I have set up the firewall with giptables, even made my
> own webmail module. It prevents spoofing, xmas packets, odd
> fragmented ones... Where can I find info to decrypt what
> the firewall logs actually mean? I know which ports are being
> blocked, but I want to know why.

You want to know why ports are being blocked? I'm not quite sure I
understand. Surely you set up the rules yourself, so you know what
you're blocking, right? Or does giptables do all that for you? The
default for any decent firewall is to block *everything*, and only
allow through those ports that you need. Or do you mean you want to
know why packets are being dropped?

> I don't actually have the time to check the TCP/IP RFCs.
> So something in the "for dummies" fashion will be appreciated.
>
>Jun 25 07:09:47 ns kernel: giptables-drop-src-norule: IN=eth0 OUT= MAC=00:a0:2
>4:5a:bf:c6:02:30:cd:00:07:bd:08:00 
>SRC=204.123.28.33 DST=62.190.132.170 LEN=57 TOS=0x00 PREC=0x00 TTL=13 ID=3618 
>PROTO=UDP SPT=3663 DPT=53 LEN=37 

The relevant bits here are:

	SRC=204.123.28.33
	DST=62.190.132.170
	PROTO=UDP
	SPT=3663
	DPT=53

which shows it to be blocking a UDP packet from 204.123.28.33 on port 3663
to 62.190.132.170 on port 53 (i.e., a DNS packet). As to *why* it's blocking
it, who knows. Does the "giptables-drop-src-norule" correspond to a named
rule somewhere, perhaps? One of the things I like about ipf is that each
log message tells you the rule number that triggered it.

Tet


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
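
The field-by-field reading described in the reply above, as an added Python example that is not part of the original post or of giptables: it parses a netfilter LOG line into its KEY=value fields, keeps the label that precedes IN= (the text the logging rule attached to the line), and separates the two LEN values. The function names, the L4_/MAC_ keys and the SERVICES table are this example's own assumptions.

```python
import re

# The log line from the post, re-joined into the single line syslog wrote.
SAMPLE = (
    "Jun 25 07:09:47 ns kernel: giptables-drop-src-norule: IN=eth0 OUT= "
    "MAC=00:a0:24:5a:bf:c6:02:30:cd:00:07:bd:08:00 "
    "SRC=204.123.28.33 DST=62.190.132.170 LEN=57 TOS=0x00 PREC=0x00 TTL=13 "
    "ID=3618 PROTO=UDP SPT=3663 DPT=53 LEN=37"
)
# Tiny illustrative port table (assumption of this example, not exhaustive).
SERVICES = {22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https"}

# Text between "kernel: " and "IN=" is the label the logging rule attached.
HEADER = re.compile(r"kernel: (?:\[[\d. ]+\] )?(?P<prefix>.*?)\s*(?=IN=)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_log(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    header = HEADER.search(line)
    if header is None:
        return None  # not a netfilter LOG line
    record = {"PREFIX": header.group("prefix").rstrip(": ")}
    for key, value in FIELD.findall(line[header.end():]):
        # LEN appears twice on UDP lines: IP total length, then UDP length.
        record["L4_" + key if key in record else key] = value
    mac = record.get("MAC", "").split(":")
    if len(mac) == 14:  # Ethernet header: 6 bytes dst, 6 bytes src, 2 type
        record["MAC_DST"] = ":".join(mac[:6])
        record["MAC_SRC"] = ":".join(mac[6:12])
        record["ETHERTYPE"] = "".join(mac[12:])
    return record


def describe(record):
    """One-line summary: which rule label dropped what, from where to where."""
    src, dst = record["SRC"], record["DST"]
    if "DPT" in record:  # TCP/UDP lines carry ports; ICMP lines do not
        port = int(record["DPT"])
        src = f'{src}:{record["SPT"]}'
        dst = f'{dst}:{port} ({SERVICES.get(port, "unknown")})'
    return f'{record["PREFIX"]}: {record["PROTO"]} {src} -> {dst} via {record["IN"]}'


if __name__ == "__main__":
    print(describe(parse_netfilter_log(SAMPLE)))
```

Searching the firewall's rule set for the PREFIX string is how the logged label is tied back to the rule that wrote it.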



