You can add a rule to your forward chain to log (via syslog's kernel facility)
and find out what packets are being requested:

ipchains -A forward -j DENY -p tcp -l
ipchains -A forward -j DENY -p udp -l

Be aware, though, that these lines will deny all traffic not accepted
beforehand.  If that's not what you want, and you would rather accept all
traffic not already denied, just change the DENY above to ACCEPT.

If you're not sure where to look for your kernel packet log entries, check your
/etc/syslog.conf and look for the line containing "kern.*" or
"kern.(something)".  Look in those logs.  It can grow quite quickly if you're
accepting or denying a lot of traffic, so you might only want to enable those
rules temporarily.  You could also specify a "-s" or "-d" with your Windows
system's IP address instead.



Tim Burden wrote:

> Oh, I have a related question. I have a private Windows network behind a
> Linux box that I use as a firewall and PPP dial-on-demand server so all my
> windows machines can get on the net thru a single modem.
>
> Now I have filtered out most of the Windows netbios traffic with the
> following lines:
>
>     /sbin/ipchains -A forward -j DENY -p tcp -s 0.0.0.0/0 137:139
>     /sbin/ipchains -A forward -j DENY -p udp -s 0.0.0.0/0 137:139
>
> But there is still the occasional traffic that makes the linux box dial up,
> even if the windows machines are just sitting there, on. Does anyone have
> any idea what it is and how to filter it?
> Thanks,
> Tim
>
> ----- Original Message -----
> From: Ralf G. R. Bergs <[EMAIL PROTECTED]>
> To: Chris Gill <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, May 25, 2000 2:25 PM
> Subject: Re: How to filter DNS?
>
> > On Thu, 25 May 2000 08:22:40 -0400 (EDT), Chris Gill wrote:
> >
> > >Hey folks. I asked here last week about a filtering bridge (or a bridging
> > >filter). Thanks for the replies, it's working great. Well, there's one
> > >problem. Clients are on one side, the DNS server on the other. And the
> > >clients can't do lookups. My filtering rules are fairly strict, but I do
> > >allow all non-SYN TCP packets to pass, and opened port 53 (which is the
> > >DNS port, correct?) in both directions, but still no dice. Anybody know
> > >what the trick is?
> >
> > The trick is that DNS is UDP, not TCP. :-)
> >
> >
> > --
> > Sign the EU petition against SPAM:          L I N U X       .~.
> > http://www.politik-digital.de/spam/        The  Choice      /V\
> >                                             of a  GNU      /( )\
> >                                            Generation      ^^-^^
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-net" in
> > the body of a message to [EMAIL PROTECTED]

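An added example, not part of the original messages: one way to summarise the entries that the "-l" rules above write to the kernel log, so the flows that keep triggering the dial-up stand out. The function names, the sample log lines (constructed) and the assumed "Packet log:" line layout of ipchains on Linux 2.2 are assumptions of this example.

```shell
#!/bin/sh
# Summarise ipchains "-l" entries: count packets per
# chain / target / interface / protocol / source host / destination:port.
# Assumed line layout (ipchains on Linux 2.2 kernels):
#   ... kernel: Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=...
summarize_packet_log() {
    awk '
    /Packet log: / {
        # Find the "log:" token; the fields after it are positional.
        for (i = 1; i <= NF; i++) if ($i == "log:") break
        if (i + 6 > NF) next                 # truncated entry, skip it
        proto = $(i+4); sub(/^PROTO=/, "", proto)
        if (proto == "6") proto = "tcp"
        else if (proto == "17") proto = "udp"
        else if (proto == "1") proto = "icmp"
        # Drop the ephemeral source port so repeated requests group together.
        src = $(i+5); sub(/:[0-9]+$/, "", src)
        print $(i+1), $(i+2), $(i+3), proto, src, "->", $(i+6)
    }' | sort | uniq -c | sort -rn
}

# Constructed sample entries (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
May 25 14:30:01 fw kernel: Packet log: forward DENY ppp0 PROTO=17 192.168.1.10:1027 192.0.2.53:53 L=62 S=0x00 I=4132 F=0x0000 T=127
May 25 14:35:01 fw kernel: Packet log: forward DENY ppp0 PROTO=17 192.168.1.10:1031 192.0.2.53:53 L=62 S=0x00 I=4190 F=0x0000 T=127
May 25 14:36:40 fw kernel: Packet log: forward DENY ppp0 PROTO=6 192.168.1.11:1044 192.0.2.80:80 L=48 S=0x00 I=5120 F=0x4000 T=127
May 25 14:36:41 fw kernel: some unrelated kernel message
EOF
}

# Demo on the sample; for real use, feed it the file that kern.* is
# written to according to /etc/syslog.conf:
#   summarize_packet_log < <your kernel log file>
sample_log | summarize_packet_log
```

The most frequent flow is listed first; its protocol and destination port are what a narrower DENY rule (without "-l") would need to match.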