Chris:

The information you give is a little sketchy for any of us to give you a good answer. In general the order of the rules is important. If the packet traverses a rule which accepts it before it reaches your ban rule, it will make it through every time. Review your rules carefully. If you are forwarding to a machine inside your network, there must be a DNAT and Forward rule associated with this as well. How about reposting with the pertinent rules, a printout of your iptables -v -L -t nat and iptables -v -L FORWARD.

Stu………..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Hoeschen
Sent: April 29, 2002 4:25 PM
To: [EMAIL PROTECTED]
Subject: Circumventing IPTables

I have a situation on my network. I want to block access to my site (web server, etc.) from an IP address class. I created a rule to drop connections coming from this IP address range (iptables -A BANNED -p tcp -s 1.2.3.4/16 -j DROP), but this person keeps getting connected to me. I know this because the message boards on my web server log the IP address of the poster, and I am getting a post from IP address 1.2.150.200, which should be included in the DROP rule. Now I added a log rule with the same IP address and I don't see any log entries. The only logical conclusion I can come up with is that this person is somehow finding a way to circumvent my firewall.

My question to you all, and to you hackers, is: is there a way to get around a firewall based on IPTables, either by spoofing an IP address, by creating a TCP packet that IPTables lets through, or by any other way you can possibly think of to get around an IPTables-based firewall?

I should also add that my firewall is dedicated and my web server is behind it, getting its packets forwarded. In my FORWARD chain I have all packets going through the BANNED user-defined chain (iptables -A FORWARD -j BANNED). Also, I have tested this by blocking myself, and I can't connect to anything when I am blocked. I also blocked other people and they all told me that they can't get through, so I know it is working.

Please Help because I am almost out of hair!!!!!!
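
As an added illustration of Stu's point about rule order, applied to the rules Chris quotes (example code added here, not from either poster): a small Python replay of netfilter's first-match traversal over constructed 'iptables -S'-style dumps. The BANNED chain is the one from the question; the FORWARD policy and the port-80 ACCEPT rule are assumptions chosen to show the symptom, where a packet from 1.2.150.200 is accepted before it ever reaches the LOG or DROP rule.

```python
import ipaddress

# Constructed 'iptables -S'-style dumps (not from the thread): the BANNED chain from the
# question, plus two FORWARD layouts that differ only in where the jump to BANNED sits.
BANNED_CHAIN = """
-P FORWARD DROP
-N BANNED
-A BANNED -p tcp -s 1.2.3.4/16 -j LOG
-A BANNED -p tcp -s 1.2.3.4/16 -j DROP
"""
ACCEPT_WEB, JUMP_BANNED = "-A FORWARD -p tcp --dport 80 -j ACCEPT", "-A FORWARD -j BANNED"
RULES_ACCEPT_FIRST = BANNED_CHAIN + ACCEPT_WEB + "\n" + JUMP_BANNED  # ban never reached
RULES_BAN_FIRST = BANNED_CHAIN + JUMP_BANNED + "\n" + ACCEPT_WEB     # ban checked first

def parse(dump):
    """Return ({chain: [rule_opts, ...]}, {chain: policy}) from -S style text."""
    chains, policy = {}, {}
    for tok in (line.split() for line in dump.strip().splitlines()):
        chains.setdefault(tok[1], [])
        if tok[0] == "-P":
            policy[tok[1]] = tok[2]
        elif tok[0] == "-A":  # '-s X -j Y' -> {'-s': 'X', '-j': 'Y'}
            chains[tok[1]].append(dict(zip(tok[2::2], tok[3::2])))
    return chains, policy

def matches(rule, pkt):
    """Only the match options used in the dumps above are modelled (-s, -p, --dport)."""
    return (("-s" not in rule or pkt["src"] in ipaddress.ip_network(rule["-s"], strict=False))
            and ("-p" not in rule or rule["-p"] == pkt["proto"])
            and ("--dport" not in rule or int(rule["--dport"]) == pkt["dport"]))

def traverse(chains, policy, pkt, chain="FORWARD", trace=None):
    """Walk a chain top to bottom, first match wins; return (verdict, targets hit)."""
    trace = [] if trace is None else trace
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        target = rule["-j"]
        trace.append(f"{chain}:{target}")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, trace
        if target in chains:  # user-defined chain: descend; keep going if it falls off the end
            verdict, _ = traverse(chains, policy, pkt, target, trace)
            if verdict is not None:
                return verdict, trace
        # LOG and other non-terminating targets fall through to the next rule
    return policy.get(chain), trace  # built-in chain policy, or None for a user chain

def fate(dump, src, dport=80):
    pkt = {"src": ipaddress.ip_address(src), "proto": "tcp", "dport": dport}
    return traverse(*parse(dump), pkt)
```

With the ACCEPT ahead of the jump, the trace for 1.2.150.200 contains no LOG entry at all, which matches the silent log described above; swapping the two FORWARD rules makes the same packet hit LOG and then DROP.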
