When I saw your logs it is sending a rst packet to destination. Are you running any ids inside your network?
Regards Dharmendra.T dharmu@xxxxxxxxxxx
On Thu, 2003-08-14 at 15:04, Juergen Stohr wrote:
Hi to all, we are using a firewall with RedHat kernel 2.4.20-19.7. The firewall is configured to block every packet with DPT 199 into our network. When doing a "telnet server.in.our.network 199" from outside, the firewall correctly drops that packet, logging IN=eth1 OUT=eth0 SRC="" DST=xxx.xxx.151.184 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=12615 DF PROTO=TCP SPT=34869 DPT=199 WINDOW=8760 RES=0x00 SYN URGP=0 to syslog. The external interface is eth1, internal is eth0. However, at the same time, the firewall generates a packet, which is droped by the output chain of the firewall. It fakes the SRC and DST and wants to send that packet to the internal server: IN= OUT=eth0 SRC="" DST=xxx.xxx.11.231 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=199 DPT=34869 WINDOW=0 RES=0x00 ACK RST URGP=0 When setting the output chain to accept policy, the above packet is delivered xxx.xxx.151.184! How can we prohibit those packets to be generated? Kernel RH 2.4.18-x didn't show that behaviour. Please CC me as I'm not subscribed. regards, juergen
-- This message is intended for the addressee only. It may contain privileged or Confidential information. If you have received this message in error,please notify the sender and destroy the message immediately.Unauthorised use or reproduction of this message is strictly prohibited. |
