Re: New not syn issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2003-05-28 at 14:17, MOUDARIR Mohamed wrote:
> Hello,
> 
> I have an iptables firewall with tree NIC
> 
> Eth0 net interface
> 
> Eth1 dmz interface
> 
> Eth2 lan interface ( private network A 170.150.0.0/16 )
> 
> Recently I connect a seconde private network ( B 170.151.0.0/16 )
> (from another site with SDSL router) to my network A.
> 
> There is no probleme with routing. I can ping B from A, and ping A
> from B.
> 
> I can also access internet from B.
> 
>  
> 
> But I can not access a share directory from B (170.151.1.11)like
> \\170.150.1.10\d$ in a NT server in A 
> 
> When I look into firewall log, I can see :
> 
> New not syn:IN=eth2 OUT=eth2 SRC 170.150.1.10 DST=170.151.1.11 LEN=44
> TOS=0x00 TTL=127 ID=43023 PROTO=TCP SPT=139 DPT=1787
> 
> WINDOW=8760 RES=0x00 ACK URGP=0
> 
>  
Maybe this is caused by a stray nat rule - the packets seems to be
coming from and going to eth2.

> 
> I look into my iptables script, and I think the reason of this is this
> rules :
> 
> iptables -N bad_tcp_packets
> 
> iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG
> --log-prefix "New not syn:"
> 
> iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j
> DROP
> 
>  
> 
> What is the solution.?
> 
> Thaks.
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux