3/14/02 5:36:41 PM, Maciej Soltysiak <[EMAIL PROTECTED]> wrote: <snip> >I found out, that if you nmap any port, and change TOS both at prerouting >and output nmap says open. >Here's the tcpdump output: > >tcpdump: listening on eth0 >16:30:43.330595 bsd1.ae.poznan.pl > dns.toxicfilms.tv: icmp: echo request >16:30:43.330804 dns.toxicfilms.tv > bsd1.ae.poznan.pl: icmp: echo reply >16:30:43.331317 bsd1.ae.poznan.pl.44930 > dns.toxicfilms.tv.www: . ack 2644064441 >win 1024 [tos 0xc0] >16:30:43.331587 dns.toxicfilms.tv.www > bsd1.ae.poznan.pl.44930: R >2644064441:2644064441(0) win 0 (DF) [tos 0xc0] >16:30:43.658534 bsd1.ae.poznan.pl.44910 > dns.toxicfilms.tv.29: FP 0:0(0) win 1024 >urg 0 [tos 0xc0] >16:30:43.658749 dns.toxicfilms.tv.29 > bsd1.ae.poznan.pl.44910: R 0:0(0) ack 1 win 0 >(DF) [tos 0xc0] >16:30:43.960455 bsd1.ae.poznan.pl.44911 > dns.toxicfilms.tv.29: FP 0:0(0) win 1024 >urg 0 [tos 0xc0] >16:30:43.960665 dns.toxicfilms.tv.29 > bsd1.ae.poznan.pl.44911: R 0:0(0) ack 1 win 0 >(DF) [tos 0xc0] > >I do not know why, but if both of these rules are up, we get 2 XMAS/RESET >exchanges, whereas with one or none TOS rules we get one exchange. > >Any ideas? This seems to have something to do with the fact that PREROUTING bypasses INPUT and OUTPUT in certain cases, this must be one of them.
>I am not sure if it is a bug, or something normal. > >Maciej Soltysiak > > > ---------------------------------------- Ray Leach (Technical Support Specialist) Knowledge Factory www: http://www.knowledgefactory.co.za Tel: +27-11-444-5006 Fax: +27-11-444-5007 "No matter where you go, there you are." ----------------------------------------
