Hello,

I have an iptables firewall with three NICs:

  Eth0  net interface
  Eth1  dmz interface
  Eth2  lan interface (private network A 170.150.0.0/16)

Recently I connected a second private network (B 170.151.0.0/16) (from another site with an SDSL router) to my network A. There is no problem with routing. I can ping B from A, and ping A from B. I can also access the internet from B. But I cannot access a shared directory from B (170.151.1.11) like \\170.150.1.10\d$ on an NT server in A.

When I look into the firewall log, I can see:

  New not syn:IN=eth2 OUT=eth2 SRC 170.150.1.10 DST=170.151.1.11 LEN=44 TOS=0x00 TTL=127 ID=43023 PROTO=TCP SPT=139 DPT=1787 WINDOW=8760 RES=0x00 ACK URGP=0

I looked into my iptables script, and I think the reason for this is these rules:

  # Log, then drop, TCP packets in conntrack state NEW that are not SYN
  iptables -N bad_tcp_packets
  iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
  iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

What is the solution?

Thanks.
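
Added example (not part of the original post and not the poster's code): a small Python parser for the LOG lines written by the "New not syn:" rule above, labelling each dropped packet by what its fields show. The function names, the labels and the second sample line are constructed for illustration.

```python
import re
from collections import Counter

PREFIX = "New not syn:"  # --log-prefix used by the rule in the post
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# First entry is the line quoted in the post (its "SRC 170.150.1.10" has no "=",
# kept as posted); the second entry is constructed for contrast.
SAMPLE_LOG = [
    "New not syn:IN=eth2 OUT=eth2 SRC 170.150.1.10 DST=170.151.1.11 LEN=44 TOS=0x00 TTL=127 "
    "ID=43023 PROTO=TCP SPT=139 DPT=1787 WINDOW=8760 RES=0x00 ACK URGP=0",
    "New not syn:IN=eth0 OUT=eth1 SRC=192.0.2.7 DST=198.51.100.5 LEN=40 TOS=0x00 TTL=52 "
    "ID=1 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 ACK FIN URGP=0",
]

def parse(line):
    """Turn one netfilter LOG line carrying PREFIX into a dict, else None."""
    if PREFIX not in line:
        return None
    body = line.split(PREFIX, 1)[1]
    body = re.sub(r"\b(SRC|DST) (?=\d)", r"\1=", body)  # tolerate a missing "="
    fields, flags = {}, set()
    for tok in body.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields

def describe(rec):
    """Label a dropped 'NEW but not SYN' packet using only its logged fields."""
    notes = []
    if rec.get("IN") and rec.get("IN") == rec.get("OUT"):
        notes.append("same-interface")  # entered and left the firewall on one NIC
    if int(rec.get("SPT", 0)) < 1024 <= int(rec.get("DPT", 0)):
        notes.append("server-reply")    # low source port to high destination port
    if rec["FLAGS"] & {"RST", "FIN"}:
        notes.append("teardown")        # FIN/RST for a connection no longer tracked
    return notes

def summarize(lines):
    """Count dropped packets per (IN, OUT, SRC, DST, labels)."""
    recs = [r for r in map(parse, lines) if r]
    return Counter((r.get("IN"), r.get("OUT"), r.get("SRC"), r.get("DST"), tuple(describe(r))) for r in recs)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

A packet matches the rule only when connection tracking has no entry for its connection, so the labels show which path and direction the untracked packets are on.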