Eric -- I'm not used to reading Weblet output, but if I read this right, it may look odd but actually is all 3 chains doing what they are supposed to.

Step 1 -- input chain. The rule you mark there is:

> 0 0 REJECT udp ------ ppp0 0/0 0/0 * -> 137

Well, this will REJECT off-LAN replies that come in on interface ppp0, but it won't affect packets that originate on the internal interface (eth0, I suppose). As you say later ...

>I added a rule on the internal interface blocking port 137 with
>logging and got several hundred hits a day.

... and prior to your doing this, they would encounter (eventually) an ACCEPT rule or policy. So that gets the packets past the input chain.

Step 2 -- forward chain. The relevant rule there is

>25576 1765K MASQ all ------ ppp0 192.168.1.0/24 0/0 n/a

and that causes the packets from your Win98 host's port 137 to be MASQ'd, as you report.

Step 3 -- output chain. This catches the MASQ'd packets based on their destination.

> 12 936 REJECT udp ------ ppp0 0/0 0/0 * -> 137

So everything works as it should. (It also illustrates why I normally write firewall rulesets in which all the "protective" portions are in the input chain, but that's just me and my preferences.)

At 10:43 PM 3/2/01 +0100, Eric Wolzak wrote:
>Hello all
>
>I posted this question on the lrp list but no one did reply :(
>
>I do think that it is important though.
>
>I have an Eigerstein router / variant Kenneth Hadley - DSL dynamic
>address.
>
>On the router I found this masqueraded connection caused by a
>Windows 95 machine 192.168.1.2 obviously doing "Windows stuff ;)".
>
>udp 1:26.02 192.168.1.2 50.171.209.212 137 -> 137 (62523)
>
>The problem I have is the following:
[remaining details deleted]

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                     -- Han Solo
Palo Alto, CA                                 [EMAIL PROTECTED]
----------------------------------------------------------------

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
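As an added illustration (not part of Ray's or Eric's messages, and not the LEAF/LRP project's own code): a small Python model of the ipchains walk, input chain then forward chain then output chain, loaded with the rules quoted above, tracing the 192.168.1.2 port-137 packet to show which chain finally catches it and how Ray's "protect in the input chain" preference changes that. The masquerade address 203.0.113.10 and the LAN interface name eth0 are assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# in_iface: interface the packet arrived on; out_iface: interface routing chose.
Packet = namedtuple("Packet", "proto in_iface out_iface src dport")

@dataclass
class Rule:
    target: str          # ACCEPT, REJECT or MASQ
    proto: str = "all"
    iface: str = "*"     # "*" matches any interface
    src: str = "0.0.0.0/0"
    dport: int = 0       # 0 means any destination port

    def matches(self, pkt, iface):
        return (self.proto in ("all", pkt.proto) and self.iface in ("*", iface)
                and ip_address(pkt.src) in ip_network(self.src)
                and self.dport in (0, pkt.dport))

def run_chain(rules, pkt, iface, policy="ACCEPT"):
    # First matching rule wins; otherwise the chain's default policy applies.
    return next((r.target for r in rules if r.matches(pkt, iface)), policy)

def trace(pkt, chains, masq_addr="203.0.113.10"):
    """Walk input -> forward -> output, stopping at the first REJECT.
    masq_addr is a constructed stand-in for the router's dynamic ppp0 address."""
    steps = []
    for name in ("input", "forward", "output"):
        iface = pkt.in_iface if name == "input" else pkt.out_iface
        verdict = run_chain(chains[name], pkt, iface)
        steps.append((name, verdict))
        if verdict == "MASQ":
            pkt = pkt._replace(src=masq_addr)  # MASQ rewrites the source, then output runs
        elif verdict != "ACCEPT":
            break
    return steps

# The relevant rules quoted in the message above.
PAGE_CHAINS = {
    "input":   [Rule("REJECT", "udp", "ppp0", dport=137)],
    "forward": [Rule("MASQ", "all", "ppp0", src="192.168.1.0/24")],
    "output":  [Rule("REJECT", "udp", "ppp0", dport=137)],
}
# Ray's preference: the protective REJECT lives in the input chain, on the LAN side too.
LAN_INPUT_CHAINS = dict(PAGE_CHAINS,
                        input=[Rule("REJECT", "udp", "eth0", dport=137)] + PAGE_CHAINS["input"])

def netbios_packet():  # the Win95 host's NetBIOS name-service packet from the thread
    return Packet("udp", "eth0", "ppp0", "192.168.1.2", 137)
```

With the rules as posted the packet is accepted by input, masqueraded by forward and only then rejected by output; with the LAN-side input rule it never reaches the masquerading step, which is where the logged hits come from.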