On Thursday 06 December 2001 10:59 am, Wes Bateman wrote:
> You mention your qmail server, is that the box that was "attempting
> to connect" to port 6000 on an outside host?
Yes, it is my box that is initiating the connections.
> If the box that is sending traffic from port 25 to port 6000 is a
> mail server, then you should verify whether these packets are SYNs
> or, more likely, SYN/ACK or PSH/ACK type packets.
They are all SYN/ACK packets. Oops.
> In other words, is this really the initiation of a connection, or is
> it just your mailserver replying to a connection initiated by an
> outside host (which randomly selected port 6000, so this would not
> happen often statistically, but it WILL happen) to port 25 on your
> box?
I thought that this firewall rule would take care of things:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
But according to the manual, "ESTABLISHED meaning that the packet is
associated with a connection which has seen packets in both
directions", so I guess that wouldn't account for attempting to finish
a handshake from something delivering mail. I've added the "--syn"
option to the TCP rules for catching outgoing X connections; that
should take care of things (I hope).
Thanks muchly for the advice.
--
Matthew Cline | Suppose you were an idiot. And suppose that
[EMAIL PROTECTED] | you were a member of Congress. But I repeat
| myself. -- Mark Twain
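As an added example (my own code, not something either poster wrote), the distinction drawn above, applied to constructed netfilter LOG lines: a SYN/ACK from port 25 to an outside port 6000 is the mail server replying, while a bare SYN to port 6000 is a real outbound X connection attempt that the `--syn` rule is meant to catch. The log format and the X display port range 6000-6063 are assumptions; the sample lines are constructed.

```python
import re

# Constructed sample lines in netfilter LOG style (not from the original post).
# The kernel prints flag tokens in the order URG ACK PSH RST SYN FIN, so a
# SYN/ACK appears as "ACK SYN".
SAMPLE_LOG = """\
kernel: OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=25 DPT=6000 WINDOW=5840 RES=0x00 ACK SYN URGP=0
kernel: OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=25 DPT=6000 WINDOW=5840 RES=0x00 ACK PSH URGP=0
kernel: OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=34521 DPT=6000 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=34522 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FLAG_NAMES = {"URG", "ACK", "PSH", "RST", "SYN", "FIN", "CWR", "ECE"}
X_PORTS = range(6000, 6064)  # assumed: X11 displays :0 through :63


def parse(line):
    """Split a LOG line into KEY=VALUE fields and the set of TCP flag tokens."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
    flags = {tok for tok in line.split() if tok in FLAG_NAMES}
    return fields, flags


def matches_syn(flags):
    """Same test iptables applies for '--syn': SYN set, ACK/RST/FIN clear."""
    return "SYN" in flags and not flags & {"ACK", "RST", "FIN"}


def classify(line):
    """Label one outbound packet by what it means for the X-connection rule."""
    fields, flags = parse(line)
    if fields.get("PROTO") != "TCP":
        return "other"
    dpt = int(fields["DPT"])
    if matches_syn(flags):
        # A genuine new connection leaving this host.
        return "outbound-x-attempt" if dpt in X_PORTS else "outbound-new"
    # SYN/ACK, PSH/ACK, etc.: part of a connection the other side opened,
    # or an already established one; ESTABLISHED,RELATED accepts these.
    return "reply-or-established"


def outbound_x_attempts(log_text):
    """Return (destination, port) for every real outbound X connection attempt."""
    hits = []
    for line in log_text.splitlines():
        if classify(line) == "outbound-x-attempt":
            fields, _ = parse(line)
            hits.append((fields["DST"], int(fields["DPT"])))
    return hits
```

Only the third sample line is an X connection this host initiated; the port-25-to-port-6000 SYN/ACK that looked alarming is just a reply to an inbound SMTP connection whose client happened to pick source port 6000.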