Hello,
Basically, iptables doesn't seem to be working as advertised, at least not
as I've read/interpreted. Here's a session I started from a host well outside
my networks:
[D:\temp\EEPRO100]ssh xtian
Last login: Sun Jun 3 18:26:57 2001 from os2.invlogic.com
Linux 2.2.18.
No mail.
[mmclagan@xtian:/home/mmclagan] $ telnet os2.invlogic.com smtp
Trying 198.182.196.9...
Connected to os2.invlogic.com.
Escape character is '^]'.
220-os2.invlogic.com Sendmail IBM OS/2 SENDMAIL VERSION 2.02/2.0 ready at
Wed, 26 Dec 2001 11:58:33 -0500
220 ESMTP spoken here
quit
221 os2.invlogic.com closing connection
Connection closed by foreign host.
[mmclagan@xtian:/home/mmclagan] $
My reading of the man pages, etc says that the following line in the
/etc/sysconfig/iptables file (using RH 7.2 - the same line is in the /proc
files) on router.invlogic.com:
[0:0] -A INPUT -d 198.182.196.9 -p tcp -m tcp --dport 25 -j REJECT \
--reject-with icmp-port-unreachable
should have blocked the above session. In fact, I've got rules for 20, 21, 23
and 25 for that system and none of them is getting blocked. I've attached the
.config that I compiled the kernel with in case there's an option that I forgot
to include to make this all work.
Any input will be greatly appreciated!
Michael
=======================================================================
Michael McLagan 59 E. River St, #2 V:(315)393-1202
General Manager, Ogdensburg, NY 13669 F:(315)393-1154
Linux Online, Inc. The first stop for Linux info on the Net
Attachment:
.config
Description: Binary data
