It worked. Thanks.

----- Original Message -----
From: "Chris Brenton" <cbrenton@xxxxxxxxxxxxxxxx>
To: "Fabiano Reis" <silos.reis@xxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, March 16, 2004 9:41 AM
Subject: Re: differences between win and unix tcp clients.

> On Tue, 2004-03-16 at 07:12, Fabiano Reis wrote:
> >
> > iptables -A INPUT -p tcp --source 192.168.0.2 --dport 23 -j REJECT
> > iptables -A INPUT -p tcp --source 192.168.0.3 --dport 23 -j REJECT
> >
> > On the Solaris machine: a very fast response that the connection was
> > refused.
> >
> > On the Windows 2000 machine: after about 20 seconds I got the
> > message that the connect failed (I think this is the same as
> > connection refused).
>
> If you don't specify a reject option, the default is an ICMP port
> unreachable. This is an odd thing to return for a closed TCP port, as
> normally it would be an ACK/RST.
>
> So I'm guessing that Solaris handles this like an ACK/RST while Windows
> handles this like any generic type 3 error. Doing a:
>
> -j REJECT --reject-with tcp-reset
>
> would produce more consistent results, however you are running such an
> old version of iptables I *think* that version was still returning bad
> sequence numbers on the RST's. It might work for you, it might not. You
> should really upgrade.
>
> HTH,
> C
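
Added example, not part of either message above: a small Python probe for checking from a client how a REJECT rule is experienced, by timing one connect() and classifying the error it returns. The function names and the loopback self-check target are assumptions made for this illustration.

```python
import errno
import socket
import time


def classify(err):
    """Map a connect() errno to what the client experienced."""
    if err == 0:
        return "open"
    if err == errno.ECONNREFUSED:
        return "refused"        # immediate refusal, as after a TCP RST
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"    # host/net unreachable reported by the stack
    if err in (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK):
        return "timeout"        # no usable answer before the deadline
    return "other:" + errno.errorcode.get(err, str(err))


def probe(host, port, timeout=30.0):
    """Attempt one TCP connect; return (classification, seconds taken)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        err = sock.connect_ex((host, port))
    except socket.timeout:
        err = errno.ETIMEDOUT
    finally:
        sock.close()
    return classify(err), time.monotonic() - start


def closed_loopback_port():
    """Constructed test target: a loopback port with no listener."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Self-check against loopback; point probe() at the firewalled host and
    # port 23 from the rules above to see what your own client gets.
    kind, secs = probe("127.0.0.1", closed_loopback_port(), timeout=5.0)
    print(f"{kind} after {secs:.3f}s")
```

Running it from each client OS before and after changing the rule shows whether the two rejection styles produce the same result and the same delay on that stack.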