Re: Bug#540074: netfilter leaking traffic when long chains defined

Hello Bastian.

Sorry for the delay. For some reason I did not get a copy of your email, and I just found your messages on an internet archive.

>> tcp 0 0 10.0.0.8:9999 118.168.141.172:3388 ESTABLISHED
>
> This is an established connection. No evidence where the packets come from.

Right. Port 9999 is a listening port (in this case listening for http requests, provided by didiwiki), so presumably the host at 118.168.141.172 made a connection, even though it is not in the address whitelist, as far as I can tell.

>> For details of configuration scripts and test data, refer to bug #534963
>
> This is not nearly complete. Please show the _complete_ config.

That is the complete configuration, as far as I can tell. What element of the configuration do you believe is missing?

> please use a sniffer and record the packets going through.

The service port 9999 is being used frequently by computers on the internal LAN. I have tcpdump that I could use here, but I only want to log packets coming in externally (i.e. not coming from 10.0.0.*) for the purpose of this report. Do you know of a way of achieving that, or is there another sniffer that you suggest that I use?

Thanks in advance.

Mark.
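One way to capture only the externally sourced packets Mark asks about, as an added example that is not part of the bug thread: a tcpdump BPF filter that keeps traffic to the service port but drops anything whose source lies in the LAN prefix. The interface name eth0 and the 10.0.0.0/24 prefix are assumptions; the port 9999 and LAN range come from the report.

```shell
#!/bin/sh
# Added example (not from the bug report): capture packets to the didiwiki
# port that do NOT originate from the internal LAN, so the pcap only holds
# connections the firewall should have rejected.
# Assumed: interface eth0, LAN prefix 10.0.0.0/24, service port 9999.

IFACE="${IFACE:-eth0}"
LAN_NET="${LAN_NET:-10.0.0.0/24}"
SVC_PORT="${SVC_PORT:-9999}"

# Build the BPF filter: inbound packets to the service port, excluding any
# packet whose source address is inside the LAN prefix. Excluding by source
# also drops the server's own replies (src 10.0.0.8), leaving only what
# external hosts sent.
external_filter() {
    printf 'tcp dst port %s and not src net %s' "$1" "$2"
}

# Run tcpdump with that filter. Capture happens at the link layer, before
# netfilter's INPUT chain sees the packet, so the evidence is independent of
# the rules under suspicion. -n avoids DNS lookups, -w writes a pcap file
# that can be attached to the bug report. Needs root (or CAP_NET_RAW).
capture_external() {
    filter=$(external_filter "$SVC_PORT" "$LAN_NET")
    tcpdump -i "$IFACE" -n -w "external-$SVC_PORT.pcap" "$filter"
}

# Only start capturing when invoked as: sh capture-external.sh run
if [ "${1:-}" = "run" ]; then
    capture_external
fi
```

To read the result later, `tcpdump -n -r external-9999.pcap` lists each external SYN with its source address and timestamp.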

