Re: What's this all about? (ipchains stuff)

Martin Brown Wed, 18 Oct 2000 22:52:52 -0700
I recently installed RH6.2 and have been familiarizing my self with
ipchains.  The IPCHAINS-HOWTO is quite good, IMO.  The technical
parameters listed below which you wish to know about are discussed in the
HOWTO.  Somewhat still open to question, in my mind as well as yours, is
why the large (65K+) port numbers.

You might try comp.os.linux.networking for Q&A's.

On Thu, 19 Oct 2000, Dan Horth wrote:

> Hiya - after having set up ipchains on a bunch of servers I'm 
> starting to see a load of DENY log entries - most of which appear 
> normal to me - although we've had a load of them over the past few 
> days from one particular IP address looking a bit like this:
> 
> /var/log/messages:Oct 18 14:50:54 FireWall kernel: Packet log: input 
> DENY ppp0 PROTO=17 the.remote.ip.address:55833 
> our.server.ip.address:61533 L=40 S=0x00 I=60941 F=0x4000 T=247 (#22)
> 
> Our server in this case is masquerading a private net range - so I'm 
> not sure if it's the remote machine, our server, or one of the 
> workstations on the local masqueraded network which is responsible 
> for causing these packets to turn up banging on our firewall and 
> getting rejected.
> 
> It's interesting the way the port numbers get bumped up each time, 
> and the pattern of traffic... I thought at first it may have 
> something to do with ICQ - but I did a test with our local firewall 
> and although the traffic looked similar  I don't think the packets in 
> question have anything to do with ICQ.
> 
> I have put a file up at:
> 
> http://www.nitro.com.au/ipchains_log.txt
> 
> showing all the entries.
> 
> I was wondering three things:
> 
> a) can someone provide me with an explanation of what's going on here?
> 
> b) can someone elaborate or point me in the direction of some docs to 
> help me decode the ipchains output a bit better. I'm interested in 
> the stats listed after our.server.ip.address... ie.  L=40 S=0x00 
> I=60941 F=0x4000 T=247 (#22)
> 
> c) can someone point me towards a list where it would be more 
> appropriate posting such discussions.
> 
> Thanks in advance for any help.
> 
> Dan.
> -- 
> 
>       Nitro - 3D Visualisation, Graphics & Animation
>               Ph (+61 2) 9810 5177 - Fx (+61 2) 9810 0199
>                       http://www.nitro.com.au/
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 

                            - Martin J. Brown, Jr. -                           
                            - [EMAIL PROTECTED] -                           
                                                                               
    PGP Public Key ID: 0xCED9BD8A  Key Server: http://www.keyserver.net/en/



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: What's this all about? (ipchains stuff)

Reply via email to
