Brad wrote:

> Let me try to explain what I mean. If I look at netstat output, I can see things like this:
>
> tcp 0 0 ::ffff:192.168.1.245:25 ::ffff:202.63.164.4:53400 ESTABLISHED
> tcp 0 0 ::ffff:192.168.1.245:25 ::ffff:8.12.43.34:2616 TIME_WAIT
> tcp 12 0 ::ffff:192.168.1.245:25 ::ffff:200.198.4.21:58613 ESTABLISHED

I think you're confused about what netstat is showing you. Here you have 3 connections which (almost certainly) were initiated *from* the IP and port in the right-hand column *to* your server in the left-hand column. The traffic going the other way (your server port 25 back to the client's random port) will be allowed by connection tracking rules.
A better place for Ricardo to start might be with the output of "shorewall show connections". Example:

gateway:~ # shorewall-lite show connections
Shorewall Lite 4.2.0-RC2 Connections at gateway - Tue Sep 9 11:08:19 PDT 2008

ipv4 2 tcp 6 5 CLOSE src=65.55.209.224 dst=206.124.146.177 sport=41582 dport=80 packets=5 bytes=578 src=206.124.146.177 dst=65.55.209.224 sport=80 dport=41582 packets=4 bytes=357 [ASSURED] mark=256 secmark=0 use=1

65.55.209.224 connected to 206.124.146.177 port 80. Since 206.124.146.177 is the IP address of my server, the above is an *incoming* connection to TCP port 80 (http).

ipv4 2 tcp 6 91 TIME_WAIT src=69.216.17.166 dst=206.124.146.177 sport=3236 dport=80 packets=22 bytes=1376 src=206.124.146.177 dst=69.216.17.166 sport=80 dport=3236 packets=25 bytes=31113 [ASSURED] mark=256 secmark=0 use=1

ipv4 2 udp 17 7 src=206.124.146.177 dst=63.218.83.20 sport=3710 dport=53 packets=1 bytes=87 src=63.218.83.20 dst=206.124.146.177 sport=53 dport=3710 packets=1 bytes=316 mark=256 secmark=0 use=1

Here, since 206.124.146.177 is the source, the above is an *outgoing* connection to UDP port 53 (DNS).

ipv4 2 udp 17 7 src=206.124.146.177 dst=64.124.52.230 sport=6319 dport=53 packets=1 bytes=87 src=64.124.52.230 dst=206.124.146.177 sport=53 dport=6319 packets=1 bytes=132 mark=256 secmark=0 use=1

ipv4 2 udp 17 7 src=206.124.146.177 dst=194.146.106.50 sport=22153 dport=53 packets=1 bytes=73 src=194.146.106.50 dst=206.124.146.177 sport=53 dport=22153 packets=1 bytes=272 mark=256 secmark=0 use=1

ipv4 2 udp 17 7 src=206.124.146.177 dst=213.47.222.133 sport=26678 dport=53 packets=1 bytes=70 src=213.47.222.133 dst=206.124.146.177 sport=53 dport=26678 packets=1 bytes=111 mark=256 secmark=0 use=1

ipv4 2 tcp 6 24 TIME_WAIT src=66.249.71.139 dst=206.124.146.177 sport=63417 dport=80 packets=6 bytes=603 src=206.124.146.177 dst=66.249.71.139 sport=80 dport=63417 packets=4 bytes=1364 [ASSURED] mark=256 secmark=0 use=1

ipv4 2 udp 17 7 src=206.124.146.177 dst=81.91.161.98 sport=19221 dport=53 packets=1 bytes=73 src=81.91.161.98 dst=206.124.146.177 sport=53 dport=19221 packets=1 bytes=327 mark=256 secmark=0 use=1

-Tom
-- 
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ [EMAIL PROTECTED]
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
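A small parser for the two kinds of output discussed in this thread, added here as an example (it is not code from the original post or from Shorewall itself). For "shorewall show connections" lines it applies the rule above, that the first src/dst tuple is the original direction and a local dst means an incoming connection; for netstat lines it applies the "well-known local port talking to an ephemeral foreign port" heuristic. The local address 206.124.146.177 and the quoted sample lines are taken from the post.

```python
"""Classify connection-tracking and netstat entries by direction.

Added example, not code from the Shorewall list thread.  In a
"shorewall show connections" (nf_conntrack) line the first src/dst
tuple is the ORIGINAL direction: dst == local server means incoming,
src == local server means outgoing.  netstat only shows local and
foreign endpoints, so there the direction can only be inferred.
"""
import re

# Lines quoted from the post; the server's own address is 206.124.146.177.
CONNTRACK_SAMPLE = [
    "ipv4 2 tcp 6 5 CLOSE src=65.55.209.224 dst=206.124.146.177 sport=41582 dport=80"
    " packets=5 bytes=578 src=206.124.146.177 dst=65.55.209.224 sport=80 dport=41582"
    " packets=4 bytes=357 [ASSURED] mark=256 secmark=0 use=1",
    "ipv4 2 udp 17 7 src=206.124.146.177 dst=63.218.83.20 sport=3710 dport=53"
    " packets=1 bytes=87 src=63.218.83.20 dst=206.124.146.177 sport=53 dport=3710"
    " packets=1 bytes=316 mark=256 secmark=0 use=1",
]
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def classify_conntrack(line, local_ips):
    """Return (proto, direction, peer_ip, service_port) for one conntrack line."""
    tuples = TUPLE_RE.findall(line)
    if not tuples:
        raise ValueError("no src/dst tuple in line: %r" % line)
    src, dst, _sport, dport = tuples[0]        # tuple 0 is the original direction
    proto = line.split()[2]                    # "tcp", "udp", ...
    if dst in local_ips:
        return proto, "incoming", src, int(dport)
    if src in local_ips:
        return proto, "outgoing", dst, int(dport)
    return proto, "forwarded", src, int(dport)  # neither endpoint is this host


def classify_netstat(line):
    """Heuristic: privileged local port + ephemeral foreign port => peer connected to us."""
    fields = line.split()
    proto, local, foreign = fields[0], fields[3], fields[4]
    _lip, lport = local.replace("::ffff:", "").rsplit(":", 1)
    fip, fport = foreign.replace("::ffff:", "").rsplit(":", 1)
    lport, fport = int(lport), int(fport)
    if lport < 1024 and fport >= 1024:
        return proto, "likely incoming", fip, lport
    if fport < 1024 and lport >= 1024:
        return proto, "likely outgoing", fip, fport
    return proto, "unknown", fip, lport         # both ephemeral or both privileged


if __name__ == "__main__":
    print([classify_conntrack(e, {"206.124.146.177"}) for e in CONNTRACK_SAMPLE])
```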
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
