Re: iptables leaking blocked ip addresses.

hello;

reply below.

On 6/20/05, Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> wrote:
> 
> >at the 2nd lines of defenses the following is seen:
> >
> >date and time is utc.
> >
> >2005-06-18 08:20:38.310864 IP 200.221.11.147.29937 >
> >204.238.34.206.25: R 0:0(0) win 0
> 
> This looks to me like tcpdump output. As far as I understand, the "listener"
> (used by iptraf, tcpdump, etc.) listens before iptables does its work, so you
> always see packets, even those which are to be DROPed.
>

the tcpdump capture is on the mail server, 204.238.34.206 and *_not_* on
the firewall, 204.238.34.232.

> 
> Take a client connected to eth2 and listen on the eth2 bus. There should not
> be anything.
>

the tcpdump output is on the mail server, 204.238.34.206.
those packets are being seen on the internal network.
i agree there should not be any 200.0.0.0/8 packets on the internal network
but there are. therefore, iptables is leaking.

> 
> >2005-06-18 08:35:33.035504 IP 200.221.11.147.9618 > 204.238.34.206.25:
> >R 3184482893:3184482893(0) win 64240
> >2005-06-18 09:12:47.772699 IP 200.221.11.147.37399 >
> >204.238.34.206.25: R 0:0(0) win 0
> 
> 
> Jan Engelhardt
>

-- 
terry l. ridder ><>
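
An added example, not part of the original message: a small Python check that can be run over tcpdump text output captured on the internal host, counting packets whose source falls in the prefix the firewall is meant to block. The sample input is the three tcpdump lines quoted in the thread, kept with their mail line wrapping; the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Prefix the poster says should never appear on the internal network.
BLOCKED = ipaddress.ip_network("200.0.0.0/8")

# tcpdump lines as quoted in the thread, including the mail-client line wrap.
SAMPLE = """\
2005-06-18 08:20:38.310864 IP 200.221.11.147.29937 >
204.238.34.206.25: R 0:0(0) win 0
2005-06-18 08:35:33.035504 IP 200.221.11.147.9618 > 204.238.34.206.25:
R 3184482893:3184482893(0) win 64240
2005-06-18 09:12:47.772699 IP 200.221.11.147.37399 >
204.238.34.206.25: R 0:0(0) win 0
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ ")
PACKET = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>\S+) "
)

def unwrap(text):
    """Rejoin wrapped records: a new record always starts with a timestamp."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^[>\s]+", "", line).rstrip()  # drop mail quote markers
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def blocked_hits(text, net=BLOCKED):
    """Return (timestamp, src, dst_port, flags) for packets sourced inside net."""
    hits = []
    for rec in unwrap(text):
        m = PACKET.match(rec)
        if m and ipaddress.ip_address(m["src"]) in net:
            hits.append((m["ts"], m["src"], int(m["dport"]), m["flags"]))
    return hits

def summarize(hits):
    """Count hits per (source, destination port, TCP flags)."""
    return Counter((src, dport, flags) for _, src, dport, flags in hits)

if __name__ == "__main__":
    for key, count in summarize(blocked_hits(SAMPLE)).items():
        print(count, *key)
```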
