Hi to all, we are using a firewall with RedHat kernel 2.4.20-19.7. The firewall is configured to block every packet with DPT 199 into our network. When doing a "telnet server.in.our.network 199" from outside, the firewall correctly drops that packet, logging IN=eth1 OUT=eth0 SRC=xxx.xxx.11.231 DST=xxx.xxx.151.184 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=12615 DF PROTO=TCP SPT=34869 DPT=199 WINDOW=8760 RES=0x00 SYN URGP=0 to syslog. The external interface is eth1, internal is eth0. However, at the same time, the firewall generates a packet, which is droped by the output chain of the firewall. It fakes the SRC and DST and wants to send that packet to the internal server: IN= OUT=eth0 SRC=xxx.xxx.151.184 DST=xxx.xxx.11.231 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=199 DPT=34869 WINDOW=0 RES=0x00 ACK RST URGP=0 When setting the output chain to accept policy, the above packet is delivered xxx.xxx.151.184! How can we prohibit those packets to be generated? Kernel RH 2.4.18-x didn't show that behaviour. Please CC me as I'm not subscribed. regards, juergen
