Your message, Re: Could someone please explain this output?, was not delivered to the following recipient: [EMAIL PROTECTED]
Reason: System error: Please re-send your message later. Recipient: [EMAIL PROTECTED]
--- Begin Message ---
On 16 Aug 2001 17:12:14 -0500, Jor-el wrote:
> Hi,
>
> Here is the output from 'ipchains -L input -v' :
>
> Chain input (policy DENY: 0 packets, 0 bytes):
>  pkts bytes target  prot opt    tosa tosx  ifname  mark
> outsize  source        destination              ports
>   380 34580 ACCEPT  all  ------ 0xFF 0x00  lo
> anywhere      anywhere                 n/a

Anything on local interface - accept

>     0     0 DENY    all  ----l- 0xFF 0x00  !lo
> 127.0.0.0/8   anywhere                 n/a

Anything coming pretending to be from localhost not on lo is spoofed from a network interface. Log it (the l flag).

> 10502 1034K ACCEPT  all  ------ 0xFF 0x00  eth1
> localnet/24   anywhere                 n/a

Anything that is from the localnet going anywhere on the internal card is ok.

>     0     0 DENY    all  ----l- 0xFF 0x00  eth0
> localnet/24   anywhere                 n/a

Anything pretending to come from the internal net but comes in from the external interface is spoofed. Log it.

> 15049 9223K ACCEPT  all  ------ 0xFF 0x00  eth0
> anywhere      cs9349-21.austin.rr.com  n/a

Anything from the world going to the external ip of this computer from the external interface is ok.

>     0     0 ACCEPT  all  ------ 0xFF 0x00  eth0
> anywhere      255.255.255.255          n/a

Anyone broadcasting over the external net is ok. Not sure what this is doing here. I wouldn't do this personally.

>     0     0 DENY    all  ----l- 0xFF 0x00  any
> anywhere      anywhere                 n/a

Anything we didn't match above we should drop and log it.

>
> This confirms Vineet's diagnosis. I can't help notice that the 'l'
> flag is set in the 'opt' field every time the target is DENY. Is this a
> coincidence? Where is the meaning of this output documented? I couldn't
> find it anywhere.
>
> Also, I am not sure of the purpose of these rules - especially the
> ones with DENY. Why are they blocking what they are blocking?
>
> Thanks,
> Jor-el
>
> On Thu, 16 Aug 2001, Vineet Kumar wrote:
>
> > >
> > > How do I interpret this output? For example, the lines handling
> > > the source = localnet/24 - will they let a packet from outside pass in or
> > > be rejected? Why are there two lines? This configuration is the result of
> > > me doing a 'apt-get install ipmasq' - so there really hasn't been any
> > > customization by me.
> > >
> >
> > You'll get more meaningful output with
> >
> > ipchains -L -v
> >
> > What I suspect is going on is that the rules say something like
> > localhost/8 -i ! lo -j DENY and localnet/24 -i eth0 -j ACCEPT and
> > localnet/24 -i ! eth0 -j DENY. The -v flag will show you the interfaces
> > specified in the rules as well, so you can understand what's going on.
> >
> > Cheers,

See above for hopefully !useless commentary.

--mike

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--- End Message ---
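
The rule-by-rule commentary above, as an added example that is not part of the original message: a first-match walk of the listed input chain in Python, showing which rule decides a given packet. The listing shows only names, so the numeric value of localnet/24 (192.168.1.0/24) and the external address (203.0.113.10) are assumptions, constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed values; the listing only shows "localnet/24" and a hostname.
LOCALNET = ip_network("192.168.1.0/24")   # constructed stand-in for localnet/24
EXTERNAL = ip_network("203.0.113.10/32")  # constructed stand-in for the eth0 address
ANY = ip_network("0.0.0.0/0")

# (target, log flag, ifname, source, destination), in the order listed.
RULES = [
    ("ACCEPT", False, "lo",   ANY, ANY),
    ("DENY",   True,  "!lo",  ip_network("127.0.0.0/8"), ANY),
    ("ACCEPT", False, "eth1", LOCALNET, ANY),
    ("DENY",   True,  "eth0", LOCALNET, ANY),
    ("ACCEPT", False, "eth0", ANY, EXTERNAL),
    ("ACCEPT", False, "eth0", ANY, ip_network("255.255.255.255/32")),
    ("DENY",   True,  "any",  ANY, ANY),
]

def iface_matches(spec, iface):
    """'any' matches every interface; a leading '!' inverts the match."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return iface != spec[1:]
    return iface == spec

def evaluate(iface, src, dst):
    """Return (rule number, target, logged) for the first rule that matches."""
    s, d = ip_address(src), ip_address(dst)
    for n, (target, log, spec, src_net, dst_net) in enumerate(RULES, 1):
        if iface_matches(spec, iface) and s in src_net and d in dst_net:
            return n, target, log
    return 0, "DENY", False  # nothing matched: chain policy is DENY

if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, source, destination)
    samples = [
        ("eth1", "192.168.1.20", "198.51.100.7"),  # LAN host, internal card
        ("eth0", "192.168.1.20", "203.0.113.10"),  # LAN source seen outside
        ("eth0", "127.0.0.1",    "203.0.113.10"),  # loopback source off lo
        ("eth0", "198.51.100.7", "203.0.113.10"),  # world to external address
        ("eth0", "198.51.100.7", "192.168.1.20"),  # world to LAN address
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

The same localnet source address is accepted by rule 3 on eth1 and denied with logging by rule 4 on eth0, which is why the listing carries two localnet/24 lines.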

