/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
/* ALSO: Don't quote this header. It makes you look lame :-) */
>> Sep 5 01:50:00 celerity kernel: Packet log: output REJECT ppp0 \
>> PROTO=6 204.151.43.203:1023 206.168.220.51:514 L=60 S=0x00 \
>> I=13684 F=0x0000 T=64 SYN (#98)
>>
>> ...and it repeats 4...5 times.
>
>The rejected packet is from port 1023 (privileged) to port 514.
>These rules only allow outgoing packets from unprivileged ports
>(1024:65535). Either change the rules to match the protocol or
>(preferably) stop using rsh and use ssh exclusively.
Raf nailed this one (thanks!).
The R-cmds typically connect to low ports (< 1024) and
their data reply is ALSO done on low ports. This is an old
IP protocol behavior and isn't used anymore. Because of
this old behavior and the fact that the R-cmds are so
insecure, I chose to disable traffic like this by default
in TrinityOS.
Even if you use SSH, you might STILL bump into this same
issue. The reason for this is that SSH was originally
a drop-in replacement for the R-cmds, so it needed to follow
this low-port behavior. Fortunately, with SSH's -P command-line
option, you can disable this low-port reply mechanism. This
is documented in TrinityOS's SSH section (and I guess I should add
this email to the TrinityOS FAQ section).
--David
--
David A. Ranch - Linux/Networking/PC hardware  [EMAIL PROTECTED]
For more detailed info, see http://www.ecst.csuchico.edu/~dranch
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
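The diagnosis in the thread comes down to reading one field of the ipchains "Packet log:" line: the source port is 1023, i.e. privileged, and the output rules only pass 1024:65535. The following Python script is an added example (not code from the thread, from TrinityOS, or from any firewall tool): it parses lines in that log format, flags rejects whose cause is a privileged source port, and names the likely client. The three log lines are constructed for the example (the first is the quoted line re-joined; the other two, one with an ssh client on source port 1022 and one accepted on 1025, are made up to show the contrast). The service-name table and the hint strings are the example's own assumptions.

```python
"""Explain ipchains 'Packet log:' rejects caused by a privileged source port.

Added example; the log lines below are constructed, not captured.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

PRIVILEGED_MAX = 1023  # ports 0-1023 need root to bind; rsh/rlogin use them

# Destination ports of the BSD r-commands that expect a privileged source
# port, plus ssh for contrast. Assumption for illustration only.
SERVICE_NAMES = {512: "rexec", 513: "rlogin", 514: "rsh", 22: "ssh"}

# Constructed sample: line 1 is the thread's quoted line re-joined; lines 2-3
# are invented to show an ssh client without -P and a normal ssh connect.
SAMPLE_LOG = """\
Sep 5 01:50:00 celerity kernel: Packet log: output REJECT ppp0 PROTO=6 204.151.43.203:1023 206.168.220.51:514 L=60 S=0x00 I=13684 F=0x0000 T=64 SYN (#98)
Sep 5 01:52:10 celerity kernel: Packet log: output REJECT ppp0 PROTO=6 204.151.43.203:1022 206.168.220.51:22 L=60 S=0x00 I=13690 F=0x0000 T=64 SYN (#98)
Sep 5 01:53:44 celerity kernel: Packet log: output ACCEPT ppp0 PROTO=6 204.151.43.203:1025 206.168.220.51:22 L=60 S=0x00 I=13702 F=0x0000 T=64 SYN (#12)
"""

# TCP/UDP form of the ipchains packet log: chain, target, interface,
# protocol number, src:port, dst:port, then the matching rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*?\(#(?P<rule>\d+)\)"
)


@dataclass
class PacketLogEntry:
    chain: str
    target: str
    iface: str
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    rule: int


def parse_line(line: str) -> Optional[PacketLogEntry]:
    """Return a PacketLogEntry for a TCP/UDP packet-log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return PacketLogEntry(
        chain=m["chain"], target=m["target"], iface=m["iface"],
        proto=int(m["proto"]), src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]), rule=int(m["rule"]),
    )


def parse_log(text: str) -> List[PacketLogEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def privileged_source(e: PacketLogEntry) -> bool:
    """True when the client bound a privileged (< 1024) source port."""
    return e.sport <= PRIVILEGED_MAX


def explain(e: PacketLogEntry) -> str:
    """One-line verdict: why this packet was logged and what to do."""
    svc = SERVICE_NAMES.get(e.dport, f"port {e.dport}")
    if e.target not in ("REJECT", "DENY"):
        return (f"{e.chain} {e.target}: {svc} from source port {e.sport} "
                f"passed rule #{e.rule}")
    if e.chain == "output" and e.proto == 6 and privileged_source(e):
        if e.dport in (512, 513, 514):
            hint = "r-command client; replace it with ssh"
        elif e.dport == 22:
            hint = "ssh client bound a privileged port; use ssh -P"
        else:
            hint = "client used a privileged source port"
        return (f"{e.chain} {e.target} to {svc}: source port {e.sport} is "
                f"privileged, outside the allowed 1024:65535 ({hint})")
    return f"{e.chain} {e.target} to {svc}: rejected by rule #{e.rule}"


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(explain(entry))
```

Run it against /var/log/messages (or whatever syslog writes kernel messages to) by feeding the file contents to `parse_log`; anything reported as a privileged source port is the rsh or ssh-without--P case from the thread, not a rule that needs loosening.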