I recently converted a couple of systems from IPChains to IPTables. Everything seems to be working very well except I am noticing packets like this being rejected:
May 4 14:03:44 ljh-server kernel: EXT-FW IN=ppp0 OUT= MAC= SRC=64.4.49.78 DST=144.137.139.238 LEN=82 TOS=0x00 PREC=0x00 TTL=242 ID=38012 DF PROTO=TCP SPT=25 DPT=4106 WINDOW=33182 RES=0x00 ACK PSH FIN URGP=0

They look like reply packets coming back in but being rejected. I also notice the same thing with SPT=80 connections too.

My EXT-FW chain looks like this:

iptables -F EXT-FW
iptables -A EXT-FW -i ! ppp+ -j EXTFWDROP
iptables -A EXT-FW -p tcp --destination-port ssh -j ACCEPT
iptables -A EXT-FW -p udp --destination-port ssh -j ACCEPT
iptables -A EXT-FW -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A EXT-FW -j ICMP
iptables -A EXT-FW -j EXTFWDROP

So why isn't the --state ESTABLISHED,RELATED -j ACCEPT rule allowing these packets in?

Regards,
+-----------------------+---------------------------------+
| Peter Kiem            | E-Mail : <[EMAIL PROTECTED]>    |
| Zordah IT             | Mobile : +61 0414 724 766       |
| IT Consultancy &      | WWW    : www.zordah.net         |
| Internet Hosting      | ICQ    : "Zordah" 866661        |
+-----------------------+---------------------------------+
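A triage sketch for log lines like the one in the post, added here as an example and not part of the original message: it parses netfilter LOG output and groups the logged TCP packets by flag pattern, so teardown packets (FIN or RST with ACK) can be told apart from new inbound SYNs. The function names, category labels, and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# First line is the one quoted in the post; the other two are constructed
# for contrast (documentation-range source addresses).
SAMPLE = """\
May 4 14:03:44 ljh-server kernel: EXT-FW IN=ppp0 OUT= MAC= SRC=64.4.49.78 DST=144.137.139.238 LEN=82 TOS=0x00 PREC=0x00 TTL=242 ID=38012 DF PROTO=TCP SPT=25 DPT=4106 WINDOW=33182 RES=0x00 ACK PSH FIN URGP=0
May 4 14:05:10 ljh-server kernel: EXT-FW IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=144.137.139.238 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1200 DF PROTO=TCP SPT=80 DPT=4120 WINDOW=0 RES=0x00 ACK RST URGP=0
May 4 14:06:31 ljh-server kernel: EXT-FW IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=144.137.139.238 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=777 DF PROTO=TCP SPT=40122 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_log_line(line):
    """Return the KEY=value fields plus a FLAGS set, or None for other lines."""
    if " IN=" not in line:
        return None
    fields = dict(m.groups() for m in re.finditer(r"(\w+)=(\S*)", line))
    # Flags are logged as bare tokens; URGP=0 is a key=value pair, not a flag.
    fields["FLAGS"] = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields


def classify(fields):
    """Coarse label for a logged packet, based only on its TCP flags."""
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    flags = fields["FLAGS"]
    if "SYN" in flags and "ACK" not in flags:
        return "new-syn"                 # unsolicited connection attempt
    if "ACK" in flags and flags & {"FIN", "RST"}:
        return "teardown-fin-or-rst"     # end of a connection, like the post's packet
    if "ACK" in flags:
        return "midstream-ack"
    return "other"


def summarize(text):
    """Count logged packets per label across a block of log text."""
    parsed = (parse_log_line(line) for line in text.splitlines())
    return Counter(classify(f) for f in parsed if f)


if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{count:4d}  {label}")
```
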