Hi
> On Tue, 5 Sep 2000, raf wrote:
>
> : > ACCEPT tcp ------ mail.pcraft.com yeehaw.csd.net any -> shell
> : > ACCEPT tcp ------ yeehaw.csd.net mail.pcraft.com shell -> 1024:65535
> :
> : this looks wrong: why accept incoming packets from any port but only
> : accept outgoing packets to unprivileged ports? if a packet comes in
>
> This was changed two minutes after I had sent my message out to
> be 'any -> shell' and 'shell -> any', it still did the same thing: refuse
> from both ends.
>
Have you tried 'checking' your chains with packets like those that you
describe? Try something like the following:

1. Check if DNS lookups on the names concerned work.
2. Check the chains:

   ipchains -C input -s mail.pcraft.com 1234 -d yeehaw.csd.net 514 -p tcp -i <INIF>
   ipchains -C forward -s mail.pcraft.com 1234 -d yeehaw.csd.net 514 -p tcp -i <OUTIF>
   ipchains -C output -s mail.pcraft.com 1234 -d yeehaw.csd.net 514 -p tcp -i <OUTIF>

and see if the packet makes it through. If it doesn't, try to find the
offending rule by removing parts of the chains and repeating the above.
HTH
Tobias
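
An added example, not part of Tobias's message: the same ipchains -C checks scripted for both directions of the connection, since the reply packets from port 514 back to the client have to pass each chain as well. The function names and the interface names eth1 (towards the client) and eth0 (towards the server) are assumptions; -y marks the opening SYN packet.

```shell
#!/bin/sh
# Added example: build the ipchains -C checks for both directions of one TCP
# connection. Hosts, ports and interface names are supplied by the caller.

# Print one "ipchains -C" command per chain for a packet src:sport -> dst:dport.
# $5 = interface the packet arrives on, $6 = interface it leaves on,
# $7 = "-y" for the opening SYN packet, "" for later packets.
check_direction() {
    for chain in input forward output; do
        # The input chain is checked against the incoming interface,
        # forward and output against the outgoing one.
        if [ "$chain" = input ]; then ifc=$5; else ifc=$6; fi
        echo "ipchains -C $chain -p tcp $7 -i $ifc -s $1 $2 -d $3 $4" | tr -s ' '
    done
}

# All six checks: request (client -> server, SYN set) and reply
# (server -> client, no -y, interfaces swapped).
check_connection() {
    client=$1 cport=$2 server=$3 sport=$4 inif=$5 outif=$6
    check_direction "$client" "$cport" "$server" "$sport" "$inif" "$outif" -y
    check_direction "$server" "$sport" "$client" "$cport" "$outif" "$inif" ""
}

# Run every check and print the command next to ipchains' verdict.
# Where ipchains is not installed, only the commands are printed.
run_checks() {
    check_connection "$@" | while read -r cmd; do
        if command -v ipchains >/dev/null 2>&1; then
            echo "$cmd => $($cmd 2>&1)"
        else
            echo "$cmd"
        fi
    done
}

# Hosts and ports from this thread; eth1/eth0 are assumed interface names.
run_checks mail.pcraft.com 1234 yeehaw.csd.net 514 eth1 eth0
```

The first check that does not come back as accepted names the chain and the direction in which to start removing rules.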