Re: How to stop kernel TCP responses on a port

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Brad Campbell <lists2009@fnarfbargle.com>
To: Dale Mellor <dale@rdmp.org>, Payam Chychi <pchychi@gmail.com>
Cc: Leonardo Rodrigues <leolistas@solutti.com.br>, netfilter@vger.kernel.org
Subject: Re: How to stop kernel TCP responses on a port
Date: Mon, 08 Sep 2014 11:11:11 +0800	[thread overview]
Message-ID: <540D1E4F.4000704@fnarfbargle.com> (raw)
In-Reply-To: <1409895712.16431.7.camel@l3>

On 05/09/14 13:41, Dale Mellor wrote:
>

> Anyway, the point is I don't want the syn-ack to come from the ground,
> but the Linux kernel insists on sending it.  That's what I want to
> filter out, or otherwise stop.

The kernel only does that if there is a piece of application code that 
is bound to that socket.

> In case I haven't been clear, the PC is the gateway to the spacecraft;
> effectively, it _is_ the proxy.  When a telnet client (on the ground)
> connects to the gateway (on the ground), the gateway is responding to
> the SYN when I don't want it to.

Ok, so the ground station PC is acting as a proxy and you don't want 
that. You want it to *route* the IP packets rather than be an 
application level proxy.

So at the moment you are connecting to a socket that is bound in the 
ground station PC. There is a piece of code there than binds and then 
accepts the connection. Stop doing that and have iptables forward/nat 
the packets instead.

If all that is incorrect, then you have not provided anywhere enough 
information on the how's and why's.

next prev parent reply	other threads:[~2014-09-08  3:11 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-04 15:17 How to stop kernel TCP responses on a port Dale Mellor
2014-09-04 16:16 ` Leonardo Rodrigues
2014-09-05  4:27   ` Dale Mellor
     [not found]     ` <CBD8736BE6044AE0B06076D69855AF85@gmail.com>
2014-09-05  5:41       ` Dale Mellor
2014-09-08  3:11         ` Brad Campbell [this message]
2014-09-09 13:49           ` Dale Mellor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=540D1E4F.4000704@fnarfbargle.com \
    --to=lists2009@fnarfbargle.com \
    --cc=dale@rdmp.org \
    --cc=leolistas@solutti.com.br \
    --cc=netfilter@vger.kernel.org \
    --cc=pchychi@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.