From: "Stephen J. McCracken"
Subject: Re: Can someone please explain to a newbie?
Date: 14 Aug 2003 17:21:58 -0500
Message-ID: <1060899718.3959.61.camel@localhost.localdomain>
Reply-To: sjmccracky@myrealbox.com
To: "Wallwork, Nathan"
Cc: Netfilter List

On Thu, 2003-08-14 at 14:59, Wallwork, Nathan wrote:
> On 14 Aug 2003, Stephen J. McCracken wrote:
> > Subject: Can someone please explain to a newbie?
> >
> > one gets many of the following logged to the syslog while the other
> > very few:
>
> Have you reloaded the rules on webfilter2 since the last rules change?

yes.

> > Aug 11 13:57:10 webfilter2 kernel: giptables-end-of-firewall: IN=
> > OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=40 TOS=0x00 PREC=0x00
> > TTL=64 ID=33149 DF PROTO=TCP SPT=8080 DPT=1100 WINDOW=5840 RES=0x00 ACK
> > FIN URGP=0
> >
> > But I have the following rules generated by giptables:
> >
> > iptables -A interface0_out -p tcp -s 10.129.130.5 --sport 8080 -d
> > 10.129.184.0/23 --dport 1024:65535 -m state --state ESTABLISHED -j
> > ACCEPT
>
> It looks like this should match, assuming the ESTABLISH part matches.

That's what I thought. What defines "ESTABLISHED"?

> Consider setting up a copy of that rule without the --state ESTABLISHED,
> place that right below, and see if it catches any packets.

The problem is that, being a newbie, I use giptables to set up the
iptables rules and I'm not sure where to do this. Also, I would like to
understand the "why" and not just get around it, especially as one box,
using the same ruleset, hardly gets any of these while the other quite a
few.
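
An added example, not part of the original message: a Python check of the logged packet against the protocol, address and port criteria of the quoted rule, which leaves `--state ESTABLISHED` as the only condition that cannot be decided from the log line. The log line and rule values are copied from the message; the function and variable names are this example's own.

```python
import ipaddress

# Log line and rule criteria copied from the message above.
LOG_LINE = ("Aug 11 13:57:10 webfilter2 kernel: giptables-end-of-firewall: IN= "
            "OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=40 TOS=0x00 "
            "PREC=0x00 TTL=64 ID=33149 DF PROTO=TCP SPT=8080 DPT=1100 "
            "WINDOW=5840 RES=0x00 ACK FIN URGP=0")

# Everything in the rule except "-m state --state ESTABLISHED".
RULE = {"proto": "TCP", "src": "10.129.130.5", "sport": (8080, 8080),
        "dst": "10.129.184.0/23", "dport": (1024, 65535)}

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_log(line):
    """Split a netfilter LOG line into KEY=VALUE fields and bare TCP flags."""
    tokens = line.split("kernel:", 1)[1].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if t in TCP_FLAGS}
    return fields, flags


def header_mismatches(fields, rule):
    """Return the rule criteria the packet fails; an empty list means all match."""
    src = ipaddress.ip_address(fields["SRC"])
    dst = ipaddress.ip_address(fields["DST"])
    checks = {
        "proto": fields.get("PROTO") == rule["proto"],
        "src": src in ipaddress.ip_network(rule["src"]),
        "dst": dst in ipaddress.ip_network(rule["dst"]),
        "sport": rule["sport"][0] <= int(fields["SPT"]) <= rule["sport"][1],
        "dport": rule["dport"][0] <= int(fields["DPT"]) <= rule["dport"][1],
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    fields, flags = parse_log(LOG_LINE)
    failed = header_mismatches(fields, RULE)
    print("TCP flags:", sorted(flags))
    print("header criteria failed:", failed or "none")
    if not failed:
        # The state match consults the connection tracking table, not the
        # packet header, so a log line alone cannot show how it evaluated.
        print("only '--state ESTABLISHED' is left to explain the non-match")
```
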