On Thursday 06 December 2001 10:59 am, Wes Bateman wrote:

> You mention your qmail server, is that the box that was "attempting
> to connect" to port 6000 on an outside host?

Yes, it is my box that is initiating the connections.

> If the box that is sending traffic from port 25 to port 6000 is a
> mail server, then you should verify whether these packets are SYNs
> or, more likely, SYN/ACK or PSH/ACK type packets.

They are all SYN/ACK packets. Oops.

> In other words, is this really the initiation of a connection, or is
> it just your mailserver replying to a connection initiated by an
> outside host (which randomly selected port 6000, so this would not
> happen often statistically, but it WILL happen) to port 25 on your
> box?

I thought that this firewall rule would take care of things:

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

But according to the manual, "ESTABLISHED meaning that the packet is
associated with a connection which has seen packets in both
directions", so I guess that wouldn't account for attempting to finish
a handshake from something delivering mail.

I've added the "--syn" option to the TCP rules for catching outgoing X
connections; that should take care of things (I hope).

Thanks muchly for the advice.

-- 
Matthew Cline     | Suppose you were an idiot. And suppose that
[EMAIL PROTECTED] | you were a member of Congress. But I repeat
                  | myself. -- Mark Twain
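
The SYN versus SYN/ACK distinction discussed in this message, as an added example that is not part of the original post: a shell function that reads netfilter LOG-target lines and reports which packets to port 6000 are connection initiations (what `--syn` matches) and which are handshake replies from a local service. The log prefix `X-OUT:`, the addresses and the log lines are constructed sample data.

```shell
#!/bin/sh
# Added example: classify netfilter LOG lines the way `--syn` would.
# The log prefix, addresses and log lines below are constructed.

# Reads LOG-target lines on stdin; prints "SPT DPT verdict" per TCP line.
# verdict: initiation = SYN set, ACK/RST/FIN clear (what --syn matches)
#          reply      = SYN and ACK both set (second step of the handshake)
#          other      = anything else (data, teardown, odd flag mixes)
classify_log() {
    awk '
    /PROTO=TCP/ {
        spt = dpt = ""; syn = ack = rst = fin = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SPT=/)      spt = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i == "SYN")  syn = 1
            else if ($i == "ACK")  ack = 1
            else if ($i == "RST")  rst = 1
            else if ($i == "FIN")  fin = 1
        }
        if (syn && !ack && !rst && !fin) verdict = "initiation"
        else if (syn && ack)             verdict = "reply"
        else                             verdict = "other"
        print spt, dpt, verdict
    }'
}

# Constructed sample: a mail server answering from port 25 to a client
# that happened to pick source port 6000, then a real outbound X attempt.
sample_log() {
    cat <<'EOF'
kernel: X-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=25 DPT=6000 WINDOW=5792 RES=0x00 ACK SYN URGP=0
kernel: X-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TTL=64 PROTO=TCP SPT=41822 DPT=6000 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: X-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TTL=64 PROTO=TCP SPT=25 DPT=6000 WINDOW=5792 RES=0x00 ACK PSH URGP=0
EOF
}

sample_log | classify_log
```

Only the second sample line is an outbound connection attempt; the lines with source port 25 are the mail server's side of a session opened from outside.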