On Wednesday 31 October 2001 7:19 am, you wrote:
> Hi all, me again!
> I just remotely logged into my machine at home going in sorta via the
> back door.
> I'll briefly explain, I haven't been able to get prerouting with dnat
> functioning properly yet.
> I have 2 ether ports, 1 on a cable modem the other to a local network.
> I have 2 ports which xinetd redirects to another machine on the local
> network.
> So I've just telnetted back in the machine from the local network, which
> from the bastille-netfilter.cfg script should only have 5 ports open
> from that side.
> I've run nmap and it reports 15 ports open, but not the 2 ports I let
> xinetd redirect from. ! ?
> However, I've tried telnetting to all of the ports listed that I haven't
> listed in bastille-netfilter and they all time out, this would suggest
> that they are correctly set to
> DROP the incoming packet.
>
> Which has priority in the system, iptables or xinetd?
> The open ports are listed as 111,139,631,870,901,3128,6000,32770, there
> are 2 for obvious reasons I'm not happy as being reported open..
>
> I'm inclined to believe the bastille-netfilter.cfg file, but curious as
> to why the difference.
>


Your email is a little confusing to me, however I can try and help clear up 
your xinetd -> iptables question.  With bastille running, everything will be 
filtered through your Bastille config file first.  If Bastille allows it to 
pass, then xinetd will handle it.

If you have Bastille set up to redirect, and xinetd on the same machine to
redirect the same port, Bastille will redirect it and xinetd won't see it.

+----------+      +----------+      +--------+
| Internet |  ->  | Bastille |  ->  | Xinetd |
+----------+      +----------+      +--------+

HTH,

Kevin
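
The thread contrasts a scanner's "open" report with telnet attempts that time out. The following is an added example, not code from either poster or from Bastille: it classifies each port by what a real TCP connect does and compares that with the ports the firewall config is meant to allow. The function names, the 127.0.0.1 target and the empty `allowed` set are assumptions to replace with your own values.

```python
import socket

# Ports nmap reported as open in the quoted message.
REPORTED = [111, 139, 631, 870, 901, 3128, 6000, 32770]

def probe(host, port, timeout=2.0):
    """Classify one TCP port by the outcome of a full connect attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # handshake completed: the filter passed it and a listener exists
    except ConnectionRefusedError:
        return "closed"       # an answer came back, so the packet was not silently dropped
    except (socket.timeout, TimeoutError):
        return "filtered"     # no answer at all, which is what a DROP rule looks like
    except OSError:
        return "unreachable"  # some other error, e.g. host or network unreachable
    finally:
        s.close()

def audit(host, ports, allowed, timeout=2.0):
    """Map each port to (state, ok); ok is False when observed state and policy disagree."""
    result = {}
    for port in ports:
        state = probe(host, port, timeout)
        ok = (state == "open") == (port in allowed)
        result[port] = (state, ok)
    return result

if __name__ == "__main__":
    allowed = set()  # assumption: fill in the ports your firewall config permits
    for port, (state, ok) in audit("127.0.0.1", REPORTED, allowed).items():
        print(f"{port:>5} {state:<11} {'ok' if ok else 'MISMATCH'}")
```

Run it from the side of the firewall you want to check, since the result depends on which interface the packets arrive on.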
