From: "Stephen J. McCracken" <smccrack@hcjb.org.ec>
To: netfilter@lists.netfilter.org
Subject: Can someone please explain to a newbie?
Date: 14 Aug 2003 14:36:34 -0500
Message-ID: <1060889794.3959.47.camel@localhost.localdomain>
In-Reply-To: <20030815175524.GB2393@linux.local>
I am using giptables to help set up iptables on two RH7.3 boxes. These
two are sibling proxies in our organization. The two have basically
identical rulesets, but one gets many of the following logged to the
syslog while the other logs very few:
Aug 11 13:57:10 webfilter2 kernel: giptables-end-of-firewall: IN= OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=33149 DF PROTO=TCP SPT=8080 DPT=1100 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 11 13:57:12 webfilter2 kernel: giptables-end-of-firewall: IN= OUT=eth0 SRC=10.129.130.5 DST=10.129.184.31 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=37565 DF PROTO=TCP SPT=8080 DPT=1660 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 11 14:02:43 webfilter2 kernel: giptables-end-of-firewall: IN= OUT=eth0 SRC=10.129.130.5 DST=10.129.184.22 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=646 DF PROTO=TCP SPT=8080 DPT=2163 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 11 14:04:21 webfilter2 kernel: giptables-end-of-firewall: IN= OUT=eth0 SRC=10.129.130.5 DST=10.129.134.27 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=47763 DF PROTO=TCP SPT=8080 DPT=1308 WINDOW=5840 RES=0x00 ACK FIN URGP=0
But I have the following rules generated by giptables:
iptables -A interface0_in -p tcp -s 10.129.134.0/23 --sport 1024:65535 -d 10.129.130.5 --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A interface0_out -p tcp -s 10.129.130.5 --sport 8080 -d 10.129.134.0/23 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A interface0_in -p tcp -s 10.129.184.0/23 --sport 1024:65535 -d 10.129.130.5 --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A interface0_out -p tcp -s 10.129.130.5 --sport 8080 -d 10.129.184.0/23 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A interface0_in -p tcp -s 172.16.0.0/25 --sport 1024:65535 -d 10.129.130.5 --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A interface0_out -p tcp -s 10.129.130.5 --sport 8080 -d 172.16.0.0/25 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
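An added diagnostic example, not part of the post above and not giptables code: it parses netfilter LOG lines of the kind quoted in the message and checks each packet against the static fields (protocol, source, destination, port ranges) of the three interface0_out ACCEPT rules. If every static field of some rule matches, the only match that could have sent the packet on to the end-of-firewall LOG rule is `-m state --state ESTABLISHED`, which is evaluated by conntrack rather than by the packet's headers. The quoted packets are all ACK FIN segments from the proxy port; a late FIN/ACK of a connection whose conntrack entry has already been torn down is typically no longer ESTABLISHED, which is the usual reason such a packet reaches the catch-all rule. The sample input is the post's own log lines plus one constructed line (destination 10.129.200.9) that matches no rule, to show the other outcome; the rule table is a hand transcription of the posted rules.

```python
import ipaddress
from collections import Counter

# Sample input: two log lines quoted in the post, plus one constructed line
# whose destination lies outside every -d network in the rules.
LOG_LINES = [
    "Aug 11 13:57:10 webfilter2 kernel: giptables-end-of-firewall: IN= "
    "OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=40 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=33149 DF PROTO=TCP SPT=8080 DPT=1100 WINDOW=5840 RES=0x00 ACK "
    "FIN URGP=0",
    "Aug 11 14:04:21 webfilter2 kernel: giptables-end-of-firewall: IN= "
    "OUT=eth0 SRC=10.129.130.5 DST=10.129.134.27 LEN=40 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=47763 DF PROTO=TCP SPT=8080 DPT=1308 WINDOW=5840 RES=0x00 ACK "
    "FIN URGP=0",
    # constructed line (not from the post): no -d network covers 10.129.200.9
    "Aug 11 14:10:00 webfilter2 kernel: giptables-end-of-firewall: IN= "
    "OUT=eth0 SRC=10.129.130.5 DST=10.129.200.9 LEN=40 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=100 DF PROTO=TCP SPT=8080 DPT=1500 WINDOW=5840 RES=0x00 ACK "
    "FIN URGP=0",
]

# Static match fields of the three interface0_out ACCEPT rules from the post.
# The -m state match is deliberately left out: it depends on conntrack, not on
# anything visible in the logged packet headers.
OUT_RULES = [
    {"src": "10.129.130.5", "sport": (8080, 8080),
     "dst": "10.129.134.0/23", "dport": (1024, 65535)},
    {"src": "10.129.130.5", "sport": (8080, 8080),
     "dst": "10.129.184.0/23", "dport": (1024, 65535)},
    {"src": "10.129.130.5", "sport": (8080, 8080),
     "dst": "172.16.0.0/25", "dport": (1024, 65535)},
]

TCP_FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Split a netfilter LOG line into its KEY=VALUE fields plus a 'flags' set.

    Bare tokens such as ACK and FIN are collected as TCP flags; other bare
    tokens (e.g. DF) are ignored. 'IN=' with no value parses as IN == ''.
    """
    _, _, after_kernel = line.partition("kernel: ")
    prefix, _, body = after_kernel.partition(": ")
    fields = {"prefix": prefix, "flags": set()}
    for tok in body.split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
        elif tok in TCP_FLAG_TOKENS:
            fields["flags"].add(tok)
    return fields


def static_match(pkt, rule):
    """True if the packet satisfies every header-based match of the rule."""
    if pkt.get("PROTO") != "TCP":
        return False
    src_ok = ipaddress.ip_address(pkt["SRC"]) in ipaddress.ip_network(rule["src"])
    dst_ok = ipaddress.ip_address(pkt["DST"]) in ipaddress.ip_network(rule["dst"])
    sport_ok = rule["sport"][0] <= int(pkt["SPT"]) <= rule["sport"][1]
    dport_ok = rule["dport"][0] <= int(pkt["DPT"]) <= rule["dport"][1]
    return src_ok and dst_ok and sport_ok and dport_ok


def classify(line, rules=OUT_RULES):
    """Return (verdict, flags, matching_rule_indexes) for one logged packet.

    'state-match-only' means at least one rule matched on headers alone, so
    only its --state check can explain the packet reaching the LOG rule.
    """
    pkt = parse_log_line(line)
    matched = [i for i, rule in enumerate(rules) if static_match(pkt, rule)]
    verdict = "state-match-only" if matched else "no-static-match"
    return verdict, pkt["flags"], matched


def flag_histogram(lines):
    """Count logged packets by TCP flag combination (FIN/ACK = teardown)."""
    return Counter(frozenset(parse_log_line(l)["flags"]) for l in lines)


if __name__ == "__main__":
    for line in LOG_LINES:
        verdict, flags, matched = classify(line)
        print(f"{verdict:17} flags={sorted(flags)} rules={matched}")
    for flags, n in flag_histogram(LOG_LINES).items():
        print(f"{sorted(flags)}: {n} packet(s)")
```

Running this over a day's worth of such lines gives a quick split between packets that are genuinely outside the ruleset (worth a closer look) and packets that only failed the conntrack state check; when the second group is almost entirely FIN/ACK segments from the proxy port, the difference between the two hosts is more likely in connection tracking behaviour and load than in the rulesets.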