owner module / Re: Delivery failure to iptables@xxxxxxxxxxxxxxxxx

Sorry for posting my question a second time.
I am confused by this reply ...

Who is iptables@xxxxxxxxxxxxxxxxx?
And why am I getting problems?

Kind regards
Daniel


> Delivery was attempted, but failed because:
> 551 5.0.0 Known SPAM source - address blocked.To resolve this problem
> please visit http://nospam.arix.com/blocked.php
> 
> -=-=-=-=-=-=-=-=-
> Original Message:
> -=-=-=-=-=-=-=-=-
> 
> X-TZO-Forward: iptables@xxxxxxxxxxxxxxxxx
> Received: from 62.128.28.23 by saf.tzo.com
> 	id 2004081005365025063 for iptables@xxxxxxxxxxxxxxxxx;
> 	Tue, 10 Aug 2004 09:36:50 GMT
> Received: from vishnu.netfilter.org ([213.95.27.115])
> 	by lakshmi.netfilter.org with esmtp (Exim 4.22 #1 (Debian))
> 	id 1BuT0O-0006Mq-1o; Tue, 10 Aug 2004 11:33:16 +0200
> Received: from mail.gmx.net ([213.165.64.20])
> 	by vishnu.netfilter.org with smtp (Exim 4.22 #1 (Debian))
> 	id 1BuSyf-0004zW-7s
> 	for <netfilter@xxxxxxxxxxxxxxxxxxx>; Tue, 10 Aug 2004 11:31:29 +0200
> Received: (qmail 7871 invoked by uid 0); 10 Aug 2004 09:31:28 -0000
> Received: from 80.171.10.240 by www46.gmx.net with HTTP;
> 	Tue, 10 Aug 2004 11:31:28 +0200 (MEST)
> From: "Daniel Boy" <dabohh@xxxxxx>
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> MIME-Version: 1.0
> Subject: owner module
> X-Priority: 3 (Normal)
> X-Authenticated: #13669367
> Message-ID: <11900.1092130288@xxxxxxxxxxxxx>
> X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
> X-Flags: 0001
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> X-Spam-Score: -3.7 (---)
> Sender: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> Errors-To: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> X-BeenThere: netfilter@xxxxxxxxxxxxxxxxxxx
> X-Mailman-Version: 2.0.11
> Precedence: bulk
> List-Help: <mailto:netfilter-request@xxxxxxxxxxxxxxxxxxx?subject=help>
> List-Post: <mailto:netfilter@xxxxxxxxxxxxxxxxxxx>
> List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
> 	<mailto:netfilter-request@xxxxxxxxxxxxxxxxxxx?subject=subscribe>
> List-Id: General discussion and user questions
> <netfilter.lists.netfilter.org>
> List-Unsubscribe:
> <https://lists.netfilter.org/mailman/listinfo/netfilter>,
> 	<mailto:netfilter-request@xxxxxxxxxxxxxxxxxxx?subject=unsubscribe>
> List-Archive: <https://lists.netfilter.org/pipermail/netfilter/>
> Date: Tue, 10 Aug 2004 11:31:28 +0200 (MEST)
> 
> Hello,
> 
> I try to implement the command "--cmd-owner" for some
> services in the "filter" table.
> 
> When I do so the corresponding services do not terminate
> correctly any more.
> 
> For example I opened an SSH connection and terminated
> it after the successful login with the "logout" command.
> Afterwards, on the server's side, "ps" and "netstat" say
> the connection is still alive. On the client side
> "netstat" says "FIN ACK", "LAST ACK", "CLOSING" and I get
> some log entries in "messages".
> 
> 
> The necessary iptables-rules at client-side:
> 
> iptables -A OUTPUT -m owner --cmd-owner "ssh" -p tcp -s CLIENT -d SERVER --sport 1024:65535 --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp -s SERVER -d CLIENT --sport 22 --dport 1024:65535 -j ACCEPT
> 
> 
> Some of the drop-log entries at client-side:
> 
> Aug  9 15:29:54 CLIENT kernel: DROP IN= OUT=eth0 SRC=CLIENT DST=SERVER LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=129 DF PROTO=TCP SPT=33442 DPT=22 WINDOW=24752 RES=0x00 ACK URGP=0
> Aug  9 15:29:55 CLIENT kernel: DROP IN= OUT=eth0 SRC=CLIENT DST=SERVER LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=130 DF PROTO=TCP SPT=33442 DPT=22 WINDOW=24752 RES=0x00 ACK URGP=0
> Aug  9 15:29:55 CLIENT kernel: DROP IN= OUT=eth0 SRC=CLIENT DST=SERVER LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=131 DF PROTO=TCP SPT=33442 DPT=22 WINDOW=24752 RES=0x00 ACK URGP=0
> 
> 
> So I would say the boolean #--cmd-owner "ssh"# is immediately
> invalid. So the client cannot inform the server about the closing.
> 
> Does anybody have an idea how to let only the missing packets pass?
> 
> Kind regards
> Daniel
> 

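Added example, not part of the original post: a small Python triage of the quoted drop-log entries that groups them by flow and separates new-connection SYNs from packets on an already-open flow, which is the first thing to check when an owner-match rule drops traffic at connection close. The function names are hypothetical, and the last sample line is constructed for contrast.

```python
from collections import Counter

# The three drop entries from the post (unwrapped to one line each), followed by
# one CONSTRUCTED SYN entry added for contrast; that last line is not from the post.
SAMPLE = """\
Aug  9 15:29:54 CLIENT kernel: DROP IN= OUT=eth0 SRC=CLIENT DST=SERVER LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=129 DF PROTO=TCP SPT=33442 DPT=22 WINDOW=24752 RES=0x00 ACK URGP=0
Aug  9 15:29:55 CLIENT kernel: DROP IN= OUT=eth0 SRC=CLIENT DST=SERVER LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=130 DF PROTO=TCP SPT=33442 DPT=22 WINDOW=24752 RES=0x00 ACK URGP=0
Aug  9 15:29:55 CLIENT kernel: DROP IN= OUT=eth0 SRC=CLIENT DST=SERVER LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=131 DF PROTO=TCP SPT=33442 DPT=22 WINDOW=24752 RES=0x00 ACK URGP=0
Aug  9 15:30:10 CLIENT kernel: DROP IN= OUT=eth0 SRC=CLIENT DST=SERVER LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=33450 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Bare tokens the kernel LOG target prints for TCP flags that are set.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_line(line):
    """Split one LOG line into its KEY=value fields and the set of TCP flags."""
    _, _, body = line.partition("kernel: ")
    tokens = body.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = frozenset(t for t in tokens if t in TCP_FLAGS)
    return fields, flags


def classify(flags):
    """A SYN without ACK opens a connection; anything else rides an existing flow."""
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"
    return "existing-flow"


def summarize(log_text):
    """Count dropped TCP packets per (flow, kind); flow = (src, sport, dst, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields, flags = parse_line(line)
        if fields.get("PROTO") != "TCP":
            continue  # skip non-TCP entries and lines that are not LOG output
        flow = (fields["SRC"], fields["SPT"], fields["DST"], fields["DPT"])
        counts[(flow, classify(flags))] += 1
    return counts


if __name__ == "__main__":
    for (flow, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"{n} dropped  {kind:15s} {flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}")
```

On the post's entries all three drops are ACK-only packets on the single flow from port 33442 to port 22, so they belong to a connection that had already been accepted rather than to a new connection attempt.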


