Re: iptables questions


On 04/18/2011 05:05 PM, Gabriel Ramirez wrote:
> On 04/17/2011 03:53 PM, JD wrote:
>
>> Well, it is a bit strange that Google would set up their servers
>> so that my machine tries to download latest messages by sending
>> its request to pop.gmail.com (74.125.127.109) to port 995,
>> and receive reply from a different IP address.
>> How can I configure my firewall so that such replies are
>> not deemed as "not established"?
>
> I download my email too from pop.gmail.com via pop3s using fetchmail
> and in the past, the following showed in the logs:
>
> Apr 17 16:18:42 localhost kernel: [534364.934281] INPUT packets denied:
> IN=eth0 OUT= MAC= SRC=74.125.127.109 DST=192.168.1.10 LEN=40 TOS=0x00
> PREC=0x00 TTL=48 ID=18161 PROTO=TCP SPT=995 DPT=48159 WINDOW=0 RES=0x00
> RST URGP=0
>
> and netfilter (iptables) always classifies the above packet as an
> INVALID packet, so you can catch it with:
>
> -N inval-IN
> -A inval-IN -m tcp -p tcp --sport 995 -j DROP
> -A INPUT -m state --state INVALID -j inval-IN
>
> or test and simply do:
>
> -A INPUT -m state --state INVALID -j DROP
>
> I only know a little about tcpdump but according to "tcpdump -i eth0 -n
> port 995" the packet logged is the last one in the session:
>
> also in my limited testing today, the logged packet came from the same
> pop server machine not a third party one
>
> and because the packet is logged no matter whether you use Thunderbird or I use
> fetchmail, maybe it is a (harmless) bug in Google's POP server
>
> Gabriel
Could very well be a harmless bug.
I was also wondering if the bug is caused by the client request
being broadcast to all 3 gmail servers, and one of them quickly
responds, and one or both of the other 2, which are apparently
not notified that the response has been sent, will send their
reply to a session which has already closed.
Any google mail admins on this list?? :)


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
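
As an added example (not part of the original thread), the following Python sketch parses netfilter LOG lines like the one quoted above and separates bare RST packets arriving from a mail service port from other denied traffic that deserves a closer look. The function names, the `late-reset`/`review` labels and the choice of port 995 are assumptions made for this illustration; the first sample line is the entry from the thread re-joined onto one line, the other two are constructed.

```python
from collections import Counter

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

# First line: the entry quoted in the thread (re-joined onto one line).
# Second and third lines: constructed for contrast.
SAMPLE_LOG = """\
Apr 17 16:18:42 localhost kernel: [534364.934281] INPUT packets denied: IN=eth0 OUT= MAC= SRC=74.125.127.109 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=18161 PROTO=TCP SPT=995 DPT=48159 WINDOW=0 RES=0x00 RST URGP=0
Apr 17 16:20:01 localhost kernel: [534443.100000] INPUT packets denied: IN=eth0 OUT= MAC= SRC=192.0.2.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4021 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Apr 17 16:21:30 localhost kernel: [534532.200000] INPUT packets denied: IN=eth0 OUT= MAC= SRC=192.0.2.9 DST=192.168.1.10 LEN=78 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=58
"""

def parse_netfilter_log(line):
    """Split one LOG-target line into key=value fields and bare TCP flags."""
    start = line.find("IN=")          # skip timestamp, host and log prefix
    if start < 0:
        return None
    fields, flags = {}, set()
    for token in line[start:].split():
        key, sep, value = token.partition("=")
        if sep:
            fields.setdefault(key, value)   # keep the IP-level LEN, not the UDP one
        elif token in TCP_FLAGS:
            flags.add(token)                # bare words such as RST or SYN
    fields["FLAGS"] = flags
    return fields

def is_late_reset(pkt, service_ports=(995,)):
    """Bare RST from a service port we connect to (assumed end-of-session case)."""
    return (pkt.get("PROTO") == "TCP"
            and pkt["FLAGS"] == {"RST"}
            and int(pkt.get("SPT", 0)) in service_ports)

def triage(log_text):
    """Count denied packets per (SRC, verdict) so unexpected traffic stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_netfilter_log(line)
        if pkt is None:
            continue
        verdict = "late-reset" if is_late_reset(pkt) else "review"
        counts[(pkt["SRC"], verdict)] += 1
    return counts

if __name__ == "__main__":
    for (src, verdict), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:16} {verdict:10} {n}")
```
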
