to all.....

thanks for your help on this issue...

after a tall glass of water (insert your favorite drink!!) i closely inspected the cabling/rat's nest that makes up the network.... i discovered what appears to be an issue of cross/straight regarding the cabling coming out of the router going into an intel switch. (didn't know the switch was there)

it appears that switching ports on the router for the cable going to the switch solves the problem.

i'll have to dig more into the router ports as well as the switch to make sure i haven't missed anything....

mike... (or whomever) .. is there some way to remove the iptables INSERT command that I entered.... this seems to generate additional messages in the var/log/message file that i don't need.... and should i restart the iptables service....

thanks.....

-bruce

-----Original Message-----
From: psyche-list-admin@redhat.com [mailto:psyche-list-admin@redhat.com]On Behalf Of Bruce Douglas
Sent: Saturday, January 18, 2003 2:54 PM
To: psyche-list@redhat.com
Subject: RE: linux security/network issue....

ps...

For what it's worth... the Linksys Router filter settings are:

SPI: Enable x Disable
Block WAN Request: Enable x Disable
Multicast Pass Through: x Enable Disable
IPSec Pass Through: x Enable Disable
PPTP Pass Through: x Enable Disable
Remote Management: Enable x Disable
Remote Upgrade: Enable x Disable
MTU: x Enable Disable

Michael,

A mistake on my part.. wasn't trying to hide the internal ip/ports...

per your input... the following is what is listed in the /var/log/messages file (i left out some of the earlier stuff for the sake of brevity)

( iptables --insert INPUT --in-interface eth0 --protocol tcp --destination-port http --jump LOG --log-level info --log-prefix "www in: " )

gets:...

-------------------------------------------------------------------------------
Jan 18 12:58:37 lserver2 iptables: succeeded
Jan 18 12:58:37 lserver2 last message repeated 2 times
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30800 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30802 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=17520 RES=0x00 ACK URGP=0
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=295 TOS=0x00 PREC=0x00 TTL=128 ID=30803 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30807 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=16646 RES=0x00 ACK URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31368 DF PROTO=TCP SPT=1610 DPT=80 WINDOW=17520 RES=0x00 ACK URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31369 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=16646 RES=0x00 ACK URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31370 DF PROTO=TCP SPT=1610 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31371 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
-------------------------------------------------------------------------------

so.. the question is.. do i have something configured incorrectly??

thanks

-bruce

-----Original Message-----
From: psyche-list-admin@redhat.com [mailto:psyche-list-admin@redhat.com]On Behalf Of Michael Schwendt
Sent: Saturday, January 18, 2003 1:27 PM
To: psyche-list@redhat.com
Subject: Re: linux security/network issue....

On Sat, 18 Jan 2003 12:36:28 -0800, Bruce Douglas wrote:

> [root@lserver2 root]# ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:03:47:63:41:AA
> inet addr:192.168.1.52 Bcast:192.168.1.255
> Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500

Raises the question why you wrote "192.222.33.4" in your original posting? ;) There's absolutely no need to not tell your internal IP addresses. It just adds plenty of confusion upon trouble-shooting. Same applies to your router. Originally, you wrote it is at 198.222.33.1, actually it is at 192.168.1.1. All that doesn't help understanding your network configuration.

> the router (Linksys BEFN2PS4) is pretty straightforward to configure for
> the Port Forwarding. And, as I mentioned, everything works when I
> forward the port to a Windows box.

We'll see.

> Is there any way/log file that I could look at which would tell me if
> the linux box sees anything coming from the router???

Type this in, everything on one line:

  iptables --insert INPUT --in-interface eth0 --protocol tcp --destination-port http --jump LOG --log-level info --log-prefix "www in: "

With default configuration of syslogd you should see packet filter log messages in /var/log/messages when you access port 80 of your Linux box.
-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
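
Added example (not part of the original thread or written by its participants): a small Python parser for the "www in: " lines the LOG rule produces, which groups packets by source and separates LAN hosts from sources outside the subnet, answering the question of whether the Linux box sees anything forwarded by the router. The LAN subnet is taken from the ifconfig output in the thread; the first three sample lines come from the posted log, and the fourth (documentation-range IP and MAC) is constructed to show what a forwarded connection would look like.

```python
import ipaddress
import re
from collections import defaultdict

# LAN subnet taken from the ifconfig output in the thread (192.168.1.52/24).
LAN = ipaddress.ip_network("192.168.1.0/24")
FIELD = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "PSH", "RST", "FIN", "URG"}

# Lines 1-3: from the log posted in the thread. Line 4: constructed sample with a
# documentation-range source IP and MAC, standing in for a WAN-side client.
SAMPLE = """\
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30800 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=295 TOS=0x00 PREC=0x00 TTL=128 ID=30803 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31370 DF PROTO=TCP SPT=1610 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Jan 18 14:50:02 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:00:5e:00:53:01:08:00 SRC=203.0.113.7 DST=192.168.1.52 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

def parse_line(line, prefix="www in: "):
    """Parse one netfilter LOG line; return None if it lacks the log prefix."""
    _, found, body = line.partition(prefix)
    if not found:
        return None
    rec = dict(FIELD.findall(body))
    rec["FLAGS"] = sorted(TCP_FLAGS & set(body.split()))
    mac = rec.get("MAC", "").split(":")
    # Ethernet: destination MAC (6 bytes), source MAC (6), ethertype (2).
    rec["SRC_MAC"] = ":".join(mac[6:12]) if len(mac) == 14 else None
    return rec

def summarize(text):
    """Per source IP: packet count, bare-SYN count, source MACs, LAN/external."""
    out = defaultdict(lambda: {"packets": 0, "syn": 0, "macs": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "SRC" not in rec:
            continue
        entry = out[rec["SRC"]]
        entry["packets"] += 1
        entry["syn"] += int(rec["FLAGS"] == ["SYN"])
        entry["macs"].add(rec["SRC_MAC"])
        inside = ipaddress.ip_address(rec["SRC"]) in LAN
        entry["scope"] = "LAN" if inside else "external"
    return dict(out)

def external_sources(summary):
    """Sources outside the LAN, i.e. traffic the router actually forwarded."""
    return sorted(ip for ip, e in summary.items() if e["scope"] == "external")

if __name__ == "__main__":
    print(external_sources(summarize(SAMPLE)))
```

When the check is finished, running the same iptables command with --delete in place of --insert removes the LOG rule immediately; no restart of the iptables service is needed for that.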