Hello all

I posted this question on the LRP list but no one replied :(

I do think that it is important though.

I have an Eigerstein router / variant Kenneth Hadley - DSL, dynamic 
address.

On the router I found this masqueraded connection caused by a 
Windows 95 machine 192.168.1.2, obviously doing "Windows stuff ;)".

udp 1:26.02 192.168.1.2  50.171.209.212 137 -> 137 (62523)

The problem I have is the following:
As far as I read the ipchains rules, my external interface doesn't 
allow traffic incoming or outgoing over port 137. 
If this shows up as an actual masqueraded connection, 
doesn't it mean that there was or is a connection? Or is the cause 
the reject, and wouldn't it show up if I denied? 
If there was a real connection, then a) I have a failure in my 
ipchains order (don't see it), or something doesn't function as it 
should, perhaps due to the virtual device PPPoE is creating. 

I added a rule on the internal interface blocking port 137 with 
logging and got several hundred hits a day.


These are the firewall rules as taken from the weblet during the 
connection above; the blocking rules are put between stripes.

DENY icmp ----l- 0xFF 0x00  *  0/0  0/0 13 -> *
  0 0 DENY icmp ----l-    *  0/0  0/0 14 -> *
  0 0 DENY all  ----l-    ppp0 0.0.0.0  0/0 n/a
  0 0 DENY all  ----l-    ppp0 255.255.255.255  0/0 n/a
  0 0 DENY all  ----l-    ppp0 127.0.0.0/8  0/0 n/a
  0 0 DENY all  ----l-    ppp0 224.0.0.0/4  0/0 n/a
  0 0 DENY all  ----l-    ppp0 10.0.0.0/8 0/0 n/a
  0 0 DENY all  ----l-    ppp0 172.16.0.0/12  0/0 n/a
  0 0 DENY all  ----l-    ppp0 192.168.0.0/16 0/0 n/a
  0 0 DENY all  ----l-    ppp0 0.0.0.0/8  0/0 n/a
  0 0 DENY all  ----l-    ppp0 128.0.0.0/16 0/0 n/a
  0 0 DENY all  ----l-    ppp0 191.255.0.0/16 0/0 n/a
  0 0 DENY all  ----l-    ppp0 192.0.0.0/24 0/0 n/a
  0 0 DENY all  ----l-    ppp0 223.255.255.0/24 0/0 n/a
  0 0 DENY all  ----l-    ppp0 240.0.0.0/4  0/0 n/a
  0 0 DENY all  ----l-    ppp0 192.168.1.0/24 0/0 n/a
  0 0 REJECT all  ----l-    ppp0 0/0  127.0.0.0/8 n/a
  0 0 REJECT all  ----l-    ppp0 0/0  192.168.1.0/24  n/a
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 137
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 135
-----------------------------------------------------------------------------
  0 0 REJECT udp  ------    ppp0 0/0  0/0 * -> 137
----------------------------------------------------------------------------
  0 0 REJECT udp  ------    ppp0 0/0  0/0 * -> 135
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 138:139
  0 0 REJECT udp  ------    ppp0 0/0  0/0 * -> 138
  0 0 REJECT udp  ------    ppp0 0/0  0/0 137:138 -> *
  0 0 REJECT udp  ------    ppp0 0/0  0/0 135 -> *
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 137:139 -> *
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 135 -> *
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 113
24873 10M ACCEPT tcp  ------    ppp0 0/0  0/0 * -> 1024:65535
  0 0 REJECT udp  ----l-    ppp0 0/0  0/0 * -> 161:162
  0 0 ACCEPT udp  ------    ppp0 0/0  0/0 * -> 53
  0 0 ACCEPT udp  ------    ppp0 0/0  0/0 * -> 68
  0 0 DENY udp  ------    ppp0 0/0  0/0 * -> 67
 2208  956K ACCEPT udp  ------    ppp0 0/0  0/0 * -> 1024:65535
 33  2174 ACCEPT icmp ------    ppp0 0/0  0/0 * -> *
  0 0 ACCEPT ospf ------    ppp0 0/0  0/0 n/a
  0 0 DENY all  ----l-    ppp0 0/0  0/0 n/a
  0 0 REJECT udp  ----l-    *  0/0  0/0 * -> 161:162
  0 0 REJECT udp  ----l-    *  0/0  0/0 161:162 -> *
27311 1964K ACCEPT all  ------    *  0/0  0/0 n/a


Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opt  tosa tosx  ifname mark outsize  source  destination ports
  0 0 DENY icmp ----l-    *  0/0  0/0 5 -> *
25576 1765K MASQ all  ------    ppp0 192.168.1.0/24 0/0 n/a
  0 0 DENY all  ------    *  0/0  0/0 n/a


Chain output (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opt  tosa tosx  ifname mark outsize  source  destination ports
53318 13M fairq  all  ------    *  0/0  0/0 n/a
  0 0 DENY all  ----l-    ppp0 0.0.0.0  0/0 n/a
  0 0 DENY all  ----l-    ppp0 255.255.255.255  0/0 n/a
  0 0 DENY all  ----l-    ppp0 127.0.0.0/8  0/0 n/a
  0 0 DENY all  ----l-    ppp0 224.0.0.0/4  0/0 n/a
  0 0 DENY all  ----l-    ppp0 10.0.0.0/8 0/0 n/a
  0 0 DENY all  ----l-    ppp0 172.16.0.0/12  0/0 n/a
  0 0 DENY all  ----l-    ppp0 192.168.0.0/16 0/0 n/a
  0 0 DENY all  ----l-    ppp0 0.0.0.0/8  0/0 n/a
  0 0 DENY all  ----l-    ppp0 128.0.0.0/16 0/0 n/a
  0 0 DENY all  ----l-    ppp0 191.255.0.0/16 0/0 n/a
  0 0 DENY all  ----l-    ppp0 192.0.0.0/24 0/0 n/a
  0 0 DENY all  ----l-    ppp0 223.255.255.0/24 0/0 n/a
  0 0 DENY all  ----l-    ppp0 240.0.0.0/4  0/0 n/a
  0 0 DENY all  ------    ppp0 192.168.1.0/24 0/0 n/a
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 137
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 135
------------------------------------------------------------------------
 12 936 REJECT udp  ------    ppp0 0/0  0/0 * -> 137 
Obviously ppp0 is blocking effectively?
-------------------------------------------------------------------------
  0 0 REJECT udp  ------    ppp0 0/0  0/0 * -> 135
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 138:139
  0 0 REJECT udp  ------    ppp0 0/0  0/0 * -> 138
  0 0 REJECT udp  ------    ppp0 0/0  0/0 137:138 -> *
  0 0 REJECT udp  ------    ppp0 0/0  0/0 135 -> *
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 137:139 -> *
  0 0 REJECT tcp  ------    ppp0 0/0  0/0 135 -> *
53306 13M ACCEPT all  ------    *  0/0  0/0 n/a

Chain fairq (1 references):
 pkts bytes target prot opt  tosa tosx  ifname mark outsize  source  destination ports
/* deleted */

Thanks for any help 

Eric wolzak

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
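
The following is an added example, not part of the original message: a first-match simulation of the forward and output chains from the listing above, applied to the UDP 137 packet in the masquerade entry. It assumes the Linux 2.2 ipchains traversal order (forward chain, masquerading, then output chain); `EXTERNAL_IP` is a constructed placeholder for the dynamic ppp0 address, and only part of the output chain is copied.

```python
import ipaddress

# Rules copied from the listing in the message (forward chain, part of the output chain).
FORWARD = """\
0 0 DENY icmp ----l-    *  0/0  0/0 5 -> *
25576 1765K MASQ all  ------    ppp0 192.168.1.0/24 0/0 n/a
0 0 DENY all  ------    *  0/0  0/0 n/a"""
OUTPUT = """\
0 0 DENY all  ------    ppp0 192.168.1.0/24 0/0 n/a
0 0 REJECT tcp  ------    ppp0 0/0  0/0 * -> 137
12 936 REJECT udp  ------    ppp0 0/0  0/0 * -> 137
53306 13M ACCEPT all  ------    *  0/0  0/0 n/a"""
EXTERNAL_IP = "203.0.113.10"  # constructed placeholder, not from the message
MASQ_PORT = 62523             # masqueraded source port shown in the entry

def parse(listing):
    rules = []
    for line in listing.splitlines():
        f = line.split()
        ports = f[8:]
        sport, dport = ("*", "*") if ports == ["n/a"] else (ports[0], ports[2])
        rules.append(dict(target=f[2], prot=f[3], ifname=f[5],
                          src=f[6], dst=f[7], sport=sport, dport=dport))
    return rules

def in_net(addr, net):
    net = "0.0.0.0/0" if net == "0/0" else net
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def in_ports(port, spec):
    if spec == "*":
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, pkt):
    for r in rules:
        if (r["prot"] in ("all", pkt["prot"]) and r["ifname"] in ("*", pkt["out_if"])
                and in_net(pkt["src"], r["src"]) and in_net(pkt["dst"], r["dst"])
                and in_ports(pkt["sport"], r["sport"]) and in_ports(pkt["dport"], r["dport"])):
            return r["target"]
    return "DENY"  # chain policy in the listing

def traverse(pkt):
    """Return (final verdict, masquerade entries created on the way)."""
    masq_table = []
    verdict = first_match(parse(FORWARD), pkt)
    if verdict == "MASQ":  # entry is recorded before the output chain is consulted
        masq_table.append((pkt["prot"], pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"]))
        verdict = first_match(parse(OUTPUT), dict(pkt, src=EXTERNAL_IP, sport=MASQ_PORT))
    return verdict, masq_table
```

Under that assumption the packet is rejected on ppp0 (the rule with the 12-packet counter), yet a masquerade entry already exists when the rejection happens.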