On 05/09/14 13:41, Dale Mellor wrote:
> Anyway, the point is I don't want the syn-ack to come from the ground, but the Linux kernel insists on sending it. That's what I want to filter out, or otherwise stop.
The kernel only does that if there is a piece of application code that is bound to that socket.
> In case I haven't been clear, the PC is the gateway to the spacecraft; effectively, it _is_ the proxy. When a telnet client (on the ground) connects to the gateway (on the ground), the gateway is responding to the SYN when I don't want it to.
Ok, so the ground station PC is acting as a proxy and you don't want that. You want it to *route* the IP packets rather than be an application level proxy.
So at the moment you are connecting to a socket that is bound in the ground station PC. There is a piece of code there that binds and then accepts the connection. Stop doing that and have iptables forward/nat the packets instead.
If all that is incorrect, then you have not provided anywhere near enough information on the hows and whys.
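An added example, not part of the original thread: a loopback probe showing when the Linux kernel itself answers a SYN. It assumes Linux TCP behaviour and uses an ephemeral port on 127.0.0.1; the function names are made up for this illustration.

```python
import socket

def probe(port, host="127.0.0.1", timeout=1.0):
    """Attempt a TCP connect and report how the remote stack answered the SYN."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(timeout)
        try:
            c.connect((host, port))
            return "syn-ack"          # three-way handshake completed
        except ConnectionRefusedError:
            return "rst"              # kernel refused: nothing listening
        except socket.timeout:
            return "no-reply"         # SYN dropped (e.g. by a filter rule)

def demo():
    """Probe the same port in three states of the local application socket."""
    results = {}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # port 0: let the kernel pick a free port
    port = srv.getsockname()[1]

    # Bound but not yet listening: the kernel still refuses the connection.
    results["bound_only"] = probe(port)

    # Listening, but the application never calls accept(): the kernel
    # completes the handshake on its own and queues the connection.
    srv.listen(1)
    results["listening_no_accept"] = probe(port)

    # Listener closed: the local stack answers with RST again. On a gateway
    # this is the state in which the packets are left for iptables to
    # forward/NAT instead of being terminated locally.
    srv.close()
    results["closed"] = probe(port)
    return results

if __name__ == "__main__":
    for state, answer in demo().items():
        print(f"{state:22s} -> {answer}")
```
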