----- Original Message -----
From: "Preston Wade" <Preston_Wade@hilton.com>
To: "'Erik Ahlner'" <whyz@home.se>; <netfilter@lists.netfilter.org>
Sent: Wednesday, January 29, 2003 12:30 AM
Subject: RE: Should i be worried?

> This rule would allow someone outside your firewall to route to your
> internal boxes. I wouldn't accept all connections from the external
> interface to the internal interface.
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT

you're right.. you reckon this would be better?

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT

> Also I wouldn't have a default policy of ACCEPT for the INPUT chain either.
> $IPTABLES -P INPUT ACCEPT
>
>
> Anyway.... the log entry below is interesting because it shows that the
> packet came in on eth0 and went out eth0, but given the source and
> destination addresses I would think it would have come in on one interface
> and gone out a different one. The first two look like DNS queries based on the
> DPT, but the source port is that of a NetBIOS service. The last entry looks
> like potentially a legitimate web request.
>
> Which interface is your outside?
> Can you show us the output of a netstat -nr?
>

eth0 is the nic to the outside.. and sure, here comes the output from netstat -nr!

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
130.236.146.0   0.0.0.0         255.255.255.0   U        40 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         130.236.146.1   0.0.0.0         UG       40 0          0 eth0

thanks
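The two points raised in the thread (a stateful FORWARD rule from the outside interface instead of a blanket ACCEPT, and no ACCEPT default policy on INPUT) put together as an added example that is not from either participant: a POSIX shell function that emits the iptables commands for a two-NIC gateway. The inside-to-outside rule, the loopback rule and the LOG rule are my additions; IPTABLES defaults to "echo iptables" so the script is a dry run unless you point it at the real binary.

```shell
#!/bin/sh
# Added example: minimal stateful ruleset for a gateway with an external
# and an internal interface. IPTABLES defaults to a dry run that prints
# the commands; set IPTABLES=/sbin/iptables and run as root to apply.
: "${IPTABLES:=echo iptables}"

build_rules() {
    extif=$1
    intif=$2
    # Default policies: anything no later rule accepts is dropped.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    # The gateway itself: loopback, plus replies to its own connections.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Inside -> outside: new and existing sessions may leave.
    $IPTABLES -A FORWARD -i "$intif" -o "$extif" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Outside -> inside: only replies to sessions the inside opened,
    # never NEW connections (the rule proposed in the thread).
    $IPTABLES -A FORWARD -i "$extif" -o "$intif" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Log what the FORWARD policy is about to drop so it can be reviewed.
    $IPTABLES -A FORWARD -j LOG --log-prefix "FWD-DROP: "
}

# Sanity check on the generated set: how many rules let NEW connections
# in from the external interface toward the internal one? Should be 0.
count_new_from_ext() {
    build_rules "$1" "$2" | grep -c -- "-i $1 -o $2 .*NEW" || true
}

build_rules eth0 eth1
```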