As long as we're on the subject of firewalls, I have a question that I'd
like to ask:
If I have a linux box with no firewalling rules, and I attempt to
connect from <src_ip>:<src_port> to <dest_ip>:<dest_port>, where dest is
my unprotected linux box, and the port I'm trying to connect to is not
open, I see the following traffic (pretty close):
<src_ip>:<src_port> -> <dest_ip>:<dest_port> : SYN
<dest_ip>:<dest_port> -> <src_ip>:<src_port> : ICMP tcp port not
reachable
and the application fails the connection immediately. Now, I turn on
firewalling on my linux box. I use the following ipchains command:
ipchains -A input -i eth1 -y -p TCP --destination-port :1023 -j REJECT
Now, I attempt the connection again, and see something like the
following traffic:
<src_ip>:<src_port> -> <dest_ip>:<dest_port> : SYN
<dest_ip> -> <src_ip> : ICMP tcp port not reachable
<src_ip>:<src_port> -> <dest_ip>:<dest_port> : SYN
<dest_ip> -> <src_ip> : ICMP tcp port not reachable
...
So, the linux box with firewalling in place is certainly REJECT'ing
connection attempts, but not in a manner uniform with the port being
simple closed. Additionally, the client _DOES NOT FAIL_. It tries
again until it times out (much later). Both of these boxes are running
linux kernel 2.2.15 pre2.
The behavior of both of the boxes in the latter configuration seem
incorrect. However, I'm not well versed on the RFC for TCP. I don't
actually KNOW how it's supposed to behave. How does this compare to
other products? Older/newer linux kernels?
It seems that the REJECT behavior should be consistant with the port
actually being unavailable. It also seems that the client should fail
immediately, since it's getting notification that the port is
unavailable. I think I should complain to the kernel list, but I'm not
sure. What do you think?
MSG
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
