Richard Horton wrote:
> On 2 March 2010 01:29, Dion Kant <msn@xxxxxxxxxx> wrote:
>
>> Mar 2 02:03:55 erouter kernel: [527925.765439] LOG 25 Wrong IN=eth2
>> OUT= MAC=00:16:3e:78:4a:72:00:1d:45:8a:1b:2e:08:00 SRC=1.1.1.1
>> DST=2.2.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=53803
>> DPT=25 WINDOW=0 RES=0x00 RST URGP=0
>>
>
> As I understand what you are trying to do is allow access to port 25
> on your internal network from an external machine right?
>
Yes correct.

> If so that log looks odd - the originator of the connection is sending
> a RESET flag. The Reset flag is sent by the destination (at least from
> my knowledge they are).
>
This does ring a bell to me. I think it is caused by a Postfix "feature".
The mail server is a Postfix MTA.

If I understand you correctly Postfix opens a connection, "conntracked"
correctly as can be seen by the log in the FORWARD chain. Then a bit
later, Postfix sends a packet with RST set. This is an error, classified
invalid and therefore it ends up in the INPUT chain.

Thanks for explaining this.

Dion.
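
An added example, not part of the original thread: a small Python parser for the netfilter LOG line quoted above, pulling out the log prefix, interface pair, flow and TCP flags so that a bare RST like this one can be picked out of a larger log. The function names and path labels are assumptions of this example; an empty `OUT=` only shows that the packet had no output interface when it was logged.

```python
import re

# Constructed sample: the log line quoted in the thread, joined onto one line.
SAMPLE = ("Mar 2 02:03:55 erouter kernel: [527925.765439] LOG 25 Wrong IN=eth2 "
          "OUT= MAC=00:16:3e:78:4a:72:00:1d:45:8a:1b:2e:08:00 SRC=1.1.1.1 "
          "DST=2.2.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP "
          "SPT=53803 DPT=25 WINDOW=0 RES=0x00 RST URGP=0")

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
KV = re.compile(r"^([A-Z]+)=(.*)$")


def parse_log_line(line):
    """Split a netfilter LOG line into prefix, KEY=value fields and TCP flags."""
    head, sep, tail = line.partition(" IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line (no IN= field)")
    # The --log-prefix text sits between the kernel timestamp and IN=.
    prefix = head.rsplit("] ", 1)[-1]
    fields, flags = {}, []
    for token in ("IN=" + tail).split():
        m = KV.match(token)
        if m:
            fields[m.group(1)] = m.group(2)
        elif token in TCP_FLAGS:
            flags.append(token)
        # Other bare tokens (DF, MF, CE) are IP-level markers; ignored here.
    return {"prefix": prefix, "fields": fields, "flags": flags}


def path_hint(fields):
    """Heuristic label (this example's own) from which interfaces are set."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forwarded"
    return "local-in" if has_in else "local-out"


def summarize(line):
    """Reduce one TCP/UDP LOG line to the fields needed for triage."""
    rec = parse_log_line(line)
    f = rec["fields"]
    return {"prefix": rec["prefix"], "path": path_hint(f),
            "flow": (f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"])),
            "flags": rec["flags"], "bare_rst": rec["flags"] == ["RST"]}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```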