Hello, I am a new debian user and someone still learning linux. I have a small problem. In my company ( which is a microsoft developer ) I insisted on using a firewall created with Ipchains of 3 zones ( dmz - local - internet ) on a Intel Pentium Pro processor machine running Debian 2.2r3 on it ( base system + mc + tcpdump + nano ) instead of Microshit's ISA Server. Strangely enough one of the interfaces ( the internet interface ) completely at arbitrary times start sending packets to itself. Packet proto=1 sourceip:3 rd port to sourceip:1 st port s=0xc0 f=0x0000 t=255 log says. As far as I understand from this log the packet sent is an ICMP packet from port 3 to tcpmux port ( icmp's have ports ? knew they did not ) of size 13 hexadecimals not fragmented and time to live is 255. But this is not possible. 1st no one can use this machine as a terminal and no one can telnet to it's interfaces. 2nd rp_filter is set to 1 for all interfaces ( in case of a spoof attack ) . Can anyone help me about that ? I am sure there is something I do not know but what is it ?
Thanx John. Note : If I succeed on this debian firewall the ftp server will also be Linux and web server as well . _____________________________________________________________ Get your free e-mail account: http://www.petekmail.com
