On Wed, 2003-05-28 at 14:17, MOUDARIR Mohamed wrote:
> Hello,
>
> I have an iptables firewall with three NICs
>
> Eth0 net interface
> Eth1 dmz interface
> Eth2 lan interface (private network A 170.150.0.0/16)
>
> Recently I connected a second private network (B 170.151.0.0/16)
> (from another site with an SDSL router) to my network A.
>
> There is no problem with routing. I can ping B from A, and ping A
> from B.
>
> I can also access the internet from B.
>
> But I can not access a shared directory from B (170.151.1.11) like
> \\170.150.1.10\d$ on an NT server in A
>
> When I look into the firewall log, I can see:
>
> New not syn:IN=eth2 OUT=eth2 SRC 170.150.1.10 DST=170.151.1.11 LEN=44
> TOS=0x00 TTL=127 ID=43023 PROTO=TCP SPT=139 DPT=1787
> WINDOW=8760 RES=0x00 ACK URGP=0

Maybe this is caused by a stray nat rule - the packets seem to be coming from and going to eth2.

> I looked into my iptables script, and I think the reason for this is these
> rules:
>
> iptables -N bad_tcp_packets
> iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
> iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
>
> What is the solution?
>
> Thanks.

-- 
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
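Added example, not part of the thread above and not anyone's script from the list: a small triage tool for "New not syn:" log lines, written here to make the diagnosis concrete. The logged packet has IN=eth2 and OUT=eth2, carries ACK but no SYN, and travels from the NT server (SRC port 139) towards network B. A plausible reading, assumed here and not confirmed by the thread, is that the firewall sees only one half of the connection: B's SYN reached the NT server via the SDSL router without crossing the firewall, while the server's replies go to its default gateway (the firewall) and are hairpinned back out eth2, so conntrack never saw the handshake and classifies the ACK as NEW. The rule `-p tcp ! --syn -m state --state NEW` then matches exactly as intended by its author. The script parses netfilter LOG lines, evaluates whether `! --syn` would match (`--syn` means SYN set and ACK, RST, FIN clear), and flags same-interface in/out as a likely asymmetric path. The sample lines are constructed for illustration; the first is the thread's log line with the missing `=` after SRC restored, the others are invented for contrast.

```python
"""Triage netfilter 'New not syn' LOG lines (added example, assumptions noted in comments)."""

# TCP flag tokens that appear bare (no '=') in netfilter LOG output.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed sample input. Line 0 mirrors the log line quoted in the thread
# (with 'SRC=' normalised); lines 1 and 2 are made up for contrast.
SAMPLE_LOGS = [
    "New not syn:IN=eth2 OUT=eth2 SRC=170.150.1.10 DST=170.151.1.11 LEN=44 "
    "TOS=0x00 TTL=127 ID=43023 PROTO=TCP SPT=139 DPT=1787 WINDOW=8760 RES=0x00 ACK URGP=0",
    "New not syn:IN=eth0 OUT= SRC=203.0.113.5 DST=170.150.0.1 LEN=40 "
    "TOS=0x00 TTL=52 ID=1 PROTO=TCP SPT=40000 DPT=139 WINDOW=1024 RES=0x00 ACK URGP=0",
    "New not syn:IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=170.150.1.10 LEN=44 "
    "TOS=0x00 TTL=50 ID=2 PROTO=TCP SPT=4444 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0",
]


def parse_log_line(line):
    """Split a netfilter LOG line into KEY=VALUE fields plus a FLAGS set.

    Everything before the first 'IN=' is treated as the --log-prefix text.
    """
    prefix, sep, body = line.partition("IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line: %r" % line)
    fields = {"PREFIX": prefix.strip(), "FLAGS": set()}
    for tok in ("IN=" + body).split():
        if tok in TCP_FLAGS:
            fields["FLAGS"].add(tok)
        elif "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value          # 'OUT=' yields an empty string
    return fields


def matches_not_syn(fields):
    """True when 'iptables -p tcp ! --syn' would match this packet.

    iptables' --syn matches SYN set with ACK, RST and FIN all clear; '! --syn'
    is its negation, so a bare ACK (as in the thread's log line) matches.
    """
    if fields.get("PROTO") != "TCP":
        return False
    flags = fields["FLAGS"]
    is_syn = "SYN" in flags and not (flags & {"ACK", "RST", "FIN"})
    return not is_syn


def diagnose(fields):
    """Classify why a logged packet ended up in the 'NEW but not SYN' rule.

    'asymmetric-path' (assumption): IN and OUT are the same interface, so the
    firewall is relaying between two networks on one segment and most likely
    saw only one direction of the conversation, hence no conntrack entry.
    """
    if not matches_not_syn(fields):
        return "syn-handshake"           # the bad_tcp_packets rule would not fire
    if fields.get("IN") and fields.get("IN") == fields.get("OUT"):
        return "asymmetric-path"
    return "mid-stream-no-state"         # e.g. expired conntrack entry or unsolicited packet


def triage(lines):
    """Return (SRC, DST, IN, OUT, diagnosis) for each log line."""
    out = []
    for line in lines:
        f = parse_log_line(line)
        out.append((f.get("SRC"), f.get("DST"), f.get("IN"), f.get("OUT"), diagnose(f)))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_LOGS):
        print("%-15s -> %-15s in=%-5s out=%-5s %s" % row)
```

Once a line is classified as asymmetric-path the fix is a routing one rather than a firewall one: make the return traffic take the same path as the forward traffic (for example, give hosts in A a route to 170.151.0.0/16 via the SDSL router, or send B's traffic to A through the firewall), or, if the hairpin is intended, exempt eth2-to-eth2 traffic from the bad_tcp_packets check so that conntrack is not asked to validate a flow it can only half see.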