On Mon, Apr 08, 2002 at 05:28:41PM +0200, Bernd Geier wrote:
> 2.: This doesn't work: (WHY)
> ipchains -A ianus0 -i eth0 -d xxx.xxx.xxx.xxx --destination-port
> 1024:65535 -p udp -j ACCEPT
> ipchains -A ianus0 -i eth1 -s xxx.xxx.xxx.xxx --source-port 1024:65535
> -p udp -j ACCEPT
> Apr 8 16:51:42 ianus kernel: Packet log: ianus0 DENY eth1 PROTO=17
> 212.185.247.117:65535 xxx.xxx.xxx.xxx:65535 L=232 S=0x00 I=30408
> F=0x00B9 T=118 (#81)
> Apr 8 16:51:43 ianus kernel: Packet log: ianus0 DENY eth0 PROTO=17
> XXX.xxx.xxx.xxx:65535 212.185.247.117:65535 L=24 S=0x00 I=4249 F=0x00B9
> T=128 (#80)

These are fragmented packets. You have two options
- always let fragments through (insecure)
- use stateful firewalling (i.e. iptables)

But this is getting rapidly off-topic..

cheers,
Lennert
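Decoding the `F=` field of the two quoted log lines shows why the port-based ACCEPT rules never matched. This is an added example, not part of the original message. It assumes `F=` is the IPv4 flags/fragment-offset word, and `classify` is a hypothetical helper name.

```python
import re

# The two kernel log lines quoted in the message, addresses masked as posted.
LOG_LINES = [
    "Apr 8 16:51:42 ianus kernel: Packet log: ianus0 DENY eth1 PROTO=17 "
    "212.185.247.117:65535 xxx.xxx.xxx.xxx:65535 L=232 S=0x00 I=30408 "
    "F=0x00B9 T=118 (#81)",
    "Apr 8 16:51:43 ianus kernel: Packet log: ianus0 DENY eth0 PROTO=17 "
    "XXX.xxx.xxx.xxx:65535 212.185.247.117:65535 L=24 S=0x00 I=4249 "
    "F=0x00B9 T=128 (#80)",
]

# Assumed layout of F=: the IPv4 flags/fragment-offset word (RFC 791).
IP_DF, IP_MF, IP_OFFMASK = 0x4000, 0x2000, 0x1FFF

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) .*? F=0x(?P<frag>[0-9A-Fa-f]{4}) .*?\(#(?P<rule>\d+)\)"
)

def classify(line):
    """Return fragment details for one ipchains log line, or None if it does not parse."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    word = int(m["frag"], 16)
    offset = (word & IP_OFFMASK) * 8   # offset is stored in 8-byte units
    more = bool(word & IP_MF)
    if offset:
        kind = "non-first fragment"    # no UDP/TCP header, so no ports to match
    elif more:
        kind = "first fragment"        # carries the transport header
    else:
        kind = "unfragmented"
    return {"chain": m["chain"], "verdict": m["verdict"], "iface": m["iface"],
            "proto": int(m["proto"]), "rule": int(m["rule"]),
            "dont_fragment": bool(word & IP_DF), "more_fragments": more,
            "offset_bytes": offset, "kind": kind}

if __name__ == "__main__":
    for line in LOG_LINES:
        r = classify(line)
        print(f'{r["iface"]} rule #{r["rule"]} {r["verdict"]}: {r["kind"]} '
              f'at byte offset {r["offset_bytes"]}')
```

Both logged packets are UDP fragments at byte offset 1480 with no more fragments following, so neither carries a UDP header for `--source-port` or `--destination-port` to be checked against.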
