Linux Netfilter discussions
* hazy table rules
@ 2003-08-31  7:57 Payal Rathod
  2003-08-31  7:35 ` Ralf Spenneberg
  0 siblings, 1 reply; 4+ messages in thread
From: Payal Rathod @ 2003-08-31  7:57 UTC (permalink / raw)
  To: netfilter

Hi,
On a firewall, the rules I am giving are like,

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DENY

$IPTABLES -t nat -A POSTROUTING -j MASQUERADE

$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/24 -p tcp -m tcp --dport 20 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/24 -p tcp -m tcp --dport 21 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/24 -p udp -m udp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Still, when I view through iptraf, I find that there is traffic to
port 137 of a few outside remote machines.

What is the issue?

With warm regards,
-Payal

-- 
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.
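
An added example, not part of the original post: a static check of the `-P` lines in a rules script like the one above, reporting any policy target other than ACCEPT or DROP (the only two iptables takes as a built-in chain policy) and the policy a chain is left with. It assumes the chains start at the default ACCEPT policy and that a failing `-P` command changes nothing; the function names and `SAMPLE_RULES` are hypothetical.

```shell
#!/bin/sh
# Added example: static check of the "-P" lines in an iptables rules script.
# Assumption: chains start at the filter-table default policy, ACCEPT, and a
# "-P" command with an unsupported target fails and changes nothing.

# Constructed sample: the three policy lines from the post.
SAMPLE_RULES='iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DENY'

# Print "CHAIN TARGET" for every -P line whose target is not ACCEPT or DROP.
bad_policies() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF - 2; i++)
              if (($i == "-P" || $i == "--policy") &&
                  $(i+2) != "ACCEPT" && $(i+2) != "DROP")
                  print $(i+1), $(i+2) }'
}

# Print the policy CHAIN is left with once every -P line has been tried.
effective_policy() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        BEGIN { pol = "ACCEPT" }
        { for (i = 1; i <= NF - 2; i++)
              if (($i == "-P" || $i == "--policy") && $(i+1) == chain &&
                  ($(i+2) == "ACCEPT" || $(i+2) == "DROP"))
                  pol = $(i+2) }
        END { print pol }'
}

echo "Rejected policy lines: $(bad_policies "$SAMPLE_RULES")"
echo "FORWARD policy in effect: $(effective_policy "$SAMPLE_RULES" FORWARD)"
```

On a live system, the chain header printed by `iptables -L FORWARD -n` shows the policy actually in effect; packets that match no FORWARD rule get that verdict.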


* hazy table rules
@ 2003-08-31 12:26 Payal Rathod
  0 siblings, 0 replies; 4+ messages in thread
From: Payal Rathod @ 2003-08-31 12:26 UTC (permalink / raw)
  To: netfilter

