On Fri, 15 Dec 2000 [EMAIL PROTECTED] wrote:

>
> Hello,
>
> since 3 days now I'm getting the following entries in my logfile:
>
> Dec 15 12:30:15 firewall kernel: Packet log: bad-if DENY lo PROTO=1
> 194.122.33.243:3 194.122.33.243:1 L=92 S=0xC0 I=4595 F=0x0000 T=255 (#1)

If you look through the IPCHAINS-HOWTO you'll find some good info for you.

From the logs you can see that your first rule in the input chains (the #1
text at the end of the line) is causing your system to deny the inbound
packet.

194.122.33.243 connecting from port 3 sent a packet to port 1 on your
loopback interface (the lo).

Port 1 is the TCP Multiplexor port (tcpmux) as seen from the /etc/services
file:

tcpmux          1/tcp    # TCP port service multiplexer

Port 3 is the system's tcp compression port.

Its service name is called compressnet.

What exactly that is I can only guess. I **THINK** it's used when you send
compressed packets across a system, either during something like when you
use some ftp site's ability to send you a compressed tarball of the ftp
site itself. **BEAR IN MIND, I COULD BE WRONG!**

To find out what particular ports are you can also hit

http://www.stengel.net/tcpports.htm
 OR
http://users.dhp.com/~whisper/mason/nmap-services (I like this one)

Now, as to the WHY of your question, that is something I can not answer.

-- 

David D.W. Downey
RHCE
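
An added example, not part of the original message: a small parser for the ipchains "Packet log" line quoted above, following the field layout in the IPCHAINS-HOWTO. PROTO is the IP protocol number (1 is ICMP, 6 TCP, 17 UDP), and for ICMP ipchains prints the ICMP type and code in the two positions where TCP and UDP entries carry ports, so the parser decodes them per protocol. The name parse_ipchains and the second (TCP) log line are constructed for illustration.

```python
import re

# Linux 2.2 ipchains "Packet log" entry:
# chain ACTION iface PROTO=n src:x dst:y L=len S=tos I=id F=frag T=ttl (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<a>\d+) (?P<dst>[\d.]+):(?P<b>\d+) "
    r"L=(?P<len>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ "
    r"T=(?P<ttl>\d+).*?\(#(?P<rule>\d+)\)"
)
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPE = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
             5: "redirect", 8: "echo-request", 11: "time-exceeded"}
UNREACH_CODE = {0: "network-unreachable", 1: "host-unreachable",
                2: "protocol-unreachable", 3: "port-unreachable"}

def parse_ipchains(line):
    """Return a dict describing one log entry, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    proto, a, b = int(f["proto"]), int(f["a"]), int(f["b"])
    rec = {
        "chain": f["chain"], "action": f["action"], "iface": f["iface"],
        "proto": PROTO.get(proto, str(proto)),
        "src": f["src"], "dst": f["dst"],
        "length": int(f["len"]), "ttl": int(f["ttl"]), "rule": int(f["rule"]),
        "self_addressed": f["src"] == f["dst"],  # host talking to itself
    }
    if proto == 1:
        # ICMP has no ports: the two numbers are ICMP type and code
        rec["icmp_type"] = ICMP_TYPE.get(a, str(a))
        rec["icmp_code"] = UNREACH_CODE.get(b, str(b)) if a == 3 else str(b)
    elif proto in (6, 17):
        rec["sport"], rec["dport"] = a, b
    return rec

# The entry quoted in the message, joined back onto one line
SAMPLE = ("Dec 15 12:30:15 firewall kernel: Packet log: bad-if DENY lo PROTO=1 "
          "194.122.33.243:3 194.122.33.243:1 L=92 S=0xC0 I=4595 F=0x0000 T=255 (#1)")
# Constructed TCP entry for comparison (documentation-range addresses)
TCP_SAMPLE = ("Dec 15 12:31:02 firewall kernel: Packet log: input DENY eth0 PROTO=6 "
              "192.0.2.10:1025 192.0.2.1:23 L=60 S=0x00 I=18 F=0x0000 T=64 SYN (#3)")

if __name__ == "__main__":
    for entry in (SAMPLE, TCP_SAMPLE):
        print(parse_ipchains(entry))
```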


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
