The 192.168.0.2 is a misprint; it should be 192.168.10.2. Also, the second reference to BANNED is from the INPUT chain. All I am worried about is how a connection is getting forwarded unlogged or dropped. Is it possible that he is spoofing the IP address, where netfilter sees one address and apache is getting a different one? Apache is reporting the IP address as being one that is being blocked by IPTables. I am also logging that same IP address, and the logs show no such connection from that IP address.
----- Original Message -----
From: "Ramin Alidousti" <[EMAIL PROTECTED]>
To: "Antony Stone" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, April 30, 2002 3:26 PM
Subject: Re: Circumventing IPTables

> Chris,
>
> It's not your problem but I just noticed something:
>
> DNAT tcp -- 0.0.0.0/0 x.x.x.x tcp dpt:80 to:192.168.0.2:80
>
> Everywhere else in your rules you're talking about 192.168.10/24
> which I believe should be your internal subnet, but your webserver
> is at 192.168.0.2. Is this correct?
>
> Also I see "Chain BANNED (2 references)" but I only could find
> 1 reference in your FORWARD chain. Where is the other one?
>
> Can you just post the full rule set?
>
> Ramin
>
>
> > On Tue, Apr 30, 2002 at 09:03:27PM +0100, Antony Stone wrote:
> > > On Tuesday 30 April 2002 3:19 am, Chris Hoeschen wrote:
> > > >
> > > > Sure thing:
> > > >
> > > > Chain PREROUTING (policy ACCEPT)
> > > > Chain FORWARD (policy DROP)
> > > > Chain BANNED (2 references)
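An added example, not from this thread or its authors: a POSIX shell script that checks an iptables-save style ruleset for the two points Ramin raised (jumps to BANNED from both INPUT and FORWARD, and a DNAT target inside the 192.168.10.0/24 subnet) and for an ACCEPT rule in FORWARD placed before the jump to BANNED, which is one way a listed address can reach the web server without ever hitting the LOG and DROP rules. The ruleset, addresses and the early ACCEPT rule are constructed for illustration and are not the rules from the thread.

```sh
# Added example, not from the list thread. The ruleset is CONSTRUCTED in
# iptables-save format to exercise the checks; addresses are documentation ranges.
RULESET='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:BANNED - [0:0]
-A INPUT -j BANNED
-A FORWARD -d 192.168.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j BANNED
-A BANNED -s 198.51.100.7/32 -j LOG --log-prefix "BANNED: "
-A BANNED -s 198.51.100.7/32 -j DROP
COMMIT'

# Number of rules in chain $2 of ruleset $1 that jump to chain $3.
jumps_to() {
  printf '%s\n' "$1" | grep -c -- "^-A $2 .*-j $3\$"
}
# Host part of the first DNAT --to-destination in ruleset $1 (port stripped).
dnat_target() {
  printf '%s\n' "$1" | awk '/-j DNAT/ {
    for (i = 1; i <= NF; i++) if ($i == "--to-destination") {
      sub(/:[0-9]+$/, "", $(i+1)); print $(i+1); exit } }'
}
# True if $1 lies in the internal subnet named in the thread (192.168.10.0/24).
in_internal_subnet() {
  case "$1" in 192.168.10.*) return 0 ;; *) return 1 ;; esac
}
# Print the first ACCEPT rule in chain $2 that precedes its jump to chain $3
# and return 0; return 1 when no ACCEPT comes before that jump.
accept_before_jump() {
  printf '%s\n' "$1" | awk -v chain="$2" -v target="$3" '
    $1 == "-A" && $2 == chain && $0 ~ ("-j " target "$") { exit }
    $1 == "-A" && $2 == chain && $0 ~ /-j ACCEPT$/ && !found { print; found = 1 }
    END { exit !found }'
}

report() {
  echo "INPUT -> BANNED jumps:   $(jumps_to "$1" INPUT BANNED)"
  echo "FORWARD -> BANNED jumps: $(jumps_to "$1" FORWARD BANNED)"
  t=$(dnat_target "$1")
  in_internal_subnet "$t" || echo "DNAT target $t is outside 192.168.10.0/24"
  r=$(accept_before_jump "$1" FORWARD BANNED) && echo "accepted before BANNED: $r"
}
report "$RULESET"
```

On a live box the same functions can be fed `iptables-save` output instead of the constructed ruleset.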
