On 14 Aug 2004, s. keeling wrote: > Incoming from Bernd Eckenfels: >> In article <[EMAIL PROTECTED]> you wrote: >>>>>> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC= >>>>>> SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115 >>>>>> ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 >> ... >>> It all depends on whether you have services running on your machine >>> that listen on DPT (445 in this case). If something is there to "pick >>> up the phone" so to speak, anything can happen. That service could >>> answer on another port altogether. >> >> Well, you need to check if DST= is a local address, anyway. > > Are you suggesting that I might see stuff in my logs that was destined > for a foreign IP?
Not often, but occasionally, depending on how your ISP connects you to the Internet. It is most common on a LAN or a cable setup. > If so, that would make me an open mail relay, no? No. Being an open mail relay would make you an open mail relay. Your firewall has pretty much nothing to do with that -- only the configuration of your mail server really matters. Have you considered using some sort of friendly setup, such as shorewall or firehol, to deal with the technical details of firewalling for you? I sounds like you are pretty unsure on your feet here, and those tools take a lot of the uncertainty out of building a firewall... Regards, Daniel -- We can keep from a child all knowledge of earlier myths, but we cannot take from him the need for mythology. -- Carl Jung -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]