[Gllug] Sendmail, Firewalls, SSL...

Formi formi at blueyonder.co.uk
Tue Jun 25 11:22:41 UTC 2002


On Tue, 25 Jun 2002 tet at accucard.com wrote:

> 
> > Issue 2: I have set up the firewall with giptables, even made my
> > own webmail module. It prevents spoofing, xmas packets, odd 
> > fragmented ones... Where can I find info to decrypt what 
> > the firewall logs actually mean? I know which ports are being
> > blocked, but I want to know why.  
> 
> You want to know why ports are being blocked? I'm not quite sure I
> understand. Surely you set up the rules yourself, so you know what
> you're blocking, right? Or does giptables do all that for you? The
> default for any decent firewall is to block *everything*, and only
> allow through those ports that you need. Or do you mean you want to
> know why packets are being dropped?

 Yes, I want to know why packets are being dropped in ports that are open.


> 
> > I don't actually have the time to check the TCP/IP RFCs.
> > So something in the "for dummies" fashion will be appreciated.
> >
> >Jun 25 07:09:47 ns kernel: giptables-drop-src-norule: IN=eth0 OUT= MAC=00:a0:2
> >4:5a:bf:c6:02:30:cd:00:07:bd:08:00 
> >SRC=204.123.28.33 DST=62.190.132.170 LEN=57 TOS=0x00 PREC=0x00 TTL=13 ID=3618 
> >PROTO=UDP SPT=3663 DPT=53 LEN=37 
> 
> The relevant bits here are:
> 
> 	SRC=204.123.28.33
> 	DST=62.190.132.170
> 	PROTO=UDP
> 	SPT=3663
> 	DPT=53
> 
> which shows it to be blocking a UDP packet from 204.123.28.33 on port 3663
> to 62.190.132.170 on port 53 (i.e., a DNS packet). As to *why* it's blocking
> it, who knows. Does the "giptables-drop-src-norule" correspond to a named
> rule somewhere, perhaps? One of the things I like about ipf is that each
> log message tells you the rule number that triggered it.
> 
> Tet

 I can work out that by myself, the giptables line is just an identifier 
to know that those lines are coming from the firewall.

 Yes, it also corresponds to the rule that dropped the packet.





-- 
				
    V   
   . .                              Formi		
    v 
   / \ GZ           MDK 8.2 ThinkPad 560E
  // \\/   
 /( _ )     Linux Registered User #235743
  ^   ^  	     	



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
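
Added example, not part of the original message or of giptables: a small Python parser for the kernel netfilter LOG format quoted in the thread, which pulls out the log prefix (the identifier the rule attaches) and the fields Tet lists, then counts packets per prefix, protocol and destination port. The function names, the second sample line and its prefix are constructed for illustration.

```python
import re
from collections import Counter

# Log line quoted in the thread, with the mail-wrapped MAC field rejoined.
SAMPLE = (
    "Jun 25 07:09:47 ns kernel: giptables-drop-src-norule: IN=eth0 OUT= "
    "MAC=00:a0:24:5a:bf:c6:02:30:cd:00:07:bd:08:00 "
    "SRC=204.123.28.33 DST=62.190.132.170 LEN=57 TOS=0x00 PREC=0x00 "
    "TTL=13 ID=3618 PROTO=UDP SPT=3663 DPT=53 LEN=37"
)
# Constructed second line (documentation addresses, hypothetical prefix).
CONSTRUCTED = (
    "Jun 25 07:10:02 ns kernel: example-drop-prefix: IN=eth0 OUT= "
    "SRC=192.0.2.7 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=52 "
    "ID=4711 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0"
)

LINE_RE = re.compile(r"kernel: (?P<prefix>.*?):? ?(?P<body>IN=\S* OUT=.*)$")
INT_KEYS = {"LEN", "TTL", "ID", "SPT", "DPT"}

def parse_netfilter_log(line):
    """Split one netfilter LOG line into prefix, key=value fields and bare flags."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not a netfilter LOG line
    rec = {"prefix": m.group("prefix"), "flags": []}
    for tok in m.group("body").split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)        # bare tokens: DF, SYN, ACK, ...
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = int(val)        # second LEN: UDP header + payload
        else:
            rec[key] = int(val) if key in INT_KEYS else val
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:                      # dst MAC, src MAC, EtherType
        rec["MAC_DST"], rec["MAC_SRC"] = ":".join(mac[:6]), ":".join(mac[6:12])
        rec["ETHERTYPE"] = "".join(mac[12:])
    return rec

def summarize(lines):
    """Count logged packets per (prefix, protocol, destination port)."""
    recs = filter(None, map(parse_netfilter_log, lines))
    return Counter((r["prefix"], r.get("PROTO"), r.get("DPT")) for r in recs)

if __name__ == "__main__":
    for key, n in summarize([SAMPLE, CONSTRUCTED]).items():
        print(n, *key)
```

The prefix is free text set by whichever rule logged the packet, so grouping on it shows which rule is responsible; the log line itself carries no further reason.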



