From: José Irigon
Subject: Re: iptables + MRTG
Date: Sat, 28 Aug 2004 13:56:03 -0300
Message-ID: <2cbad29704082809562ecf1ec5@mail.gmail.com>
References: <1910446864.20040828172355@op.pl>
In-Reply-To: <1910446864.20040828172355@op.pl>
To: netfilter

Hi all,

I read all the messages sent to the list about topics like this, but none of them solved my doubt. I want to build a stealth firewall, a firewall + bridge which a malicious client can't find.

This is the idea: when a packet arrives at the bridge (from the outside), if the rules of iptables/ebtables permit it to continue, OK. If not, the bridge should reply with packets with the client's IP, rejecting these packets.

The problem is that I tried to use "-j REJECT --reject-with tcp-reset", for example, but the bridge seems unable to reply to those packets. At the beginning I thought it was because the bridge doesn't have an IP, so it couldn't send packets back, but I read in http://sourceforge.net/mailarchive/forum.php?thread_id=4073001&forum_id=8573 that it is possible.

I recompiled the kernel and tried everything I believe could be relevant (ip_forward, etc.), but nothing. Can anyone tell me what it could be!?

I'm using Slackware 9.1 with kernel 2.6.8.1, but I tried with 2.4.22 and it didn't work either...

[]'s!