I have a "new not syn" packet needed MINUS BS PLEASE
Bruno Negrão
Fri, 4 Jan 2002 15:57:33 -0200
:-) Hi Planet X and everybody.
I'm happy because you didn't understand Jim's answer either. When I
accessed his site I asked myself "What does it have to do with my
problem!!" :-)
But I finally found why I couldn't access the redhat's login site (and it's
not related to iptables!!): My Mozilla browser seems not to support the https
protocol. When I open my Netscape browser, the page arrives fine!!
(Unfortunately, I started to use Mozilla at the same time I started to
configure iptables rules; that's why I got confused, thinking it was a
problem with the rules.)
Thank you all,
bruno negrão.
----- Original Message -----
From: "Planet X" <planetxx@richnet.net>
To: <netfilter@lists.samba.org>
Sent: Friday, January 04, 2002 3:13 AM
Subject: Re: I have a "new not syn" packet needed MINUS BS PLEASE
> Ok, I hate to open up a can of worms (again), but can anybody who really
> truly knows IPTABLEs tell me if this is a bullshit answer from Jim or not.
>
> I am sorry but I have to say something when I feel somebody is creating
> a smoke screen of technobabble when people are really trying to learn
> something about IPTABLES.
>
> Bruno Negrao asked a simple question about why he could not access
> part of the Redhat web site on his firewall box after adding some
parameters
> to his IPTABLEs firewall. Jim replys some cryptic message about
> using 2002. I think 2002 is a bullshit answer and means absolutely nothing
> outside of Jims mind. Bruno asks for a clarification and Jim sends him
> and even more bullshit answer but this time, with a nice little web site
> (designed by Jim) URL to his IPv8 tutorial and a record of various emails
> from people (including Jim) on an actual government funded site.
>
> Where in any of this email can you find Jim ACTUALLY answering
> Bruno with any kind of a related answer?
>
> Thanks,
>
> Joel
>
>
>
> ----- Original Message -----
> From: "Jim Fleming" <jfleming@anet.com>
> To: "Bruno Negrão" <bnegrao@engepel.com.br>; <netfilter@lists.samba.org>
> Sent: Thursday, January 03, 2002 11:13 AM
> Subject: Re: I have a "new not syn" packet needed
>
>
> As an example....3:219 is for .INFO....that is 03DB
>
> http://www.ntia.doc.gov/ntiahome/domainname/130dftmail/unir.txt
>
> http://www.dot-biz.com/INFO/IPv7/index.html
>
> Jim Fleming
> 2002:[IPv4]:000X:03DB
> http://www.IPv8.info
>
>
> ----- Original Message -----
> From: Bruno Negrão
> To: netfilter@lists.samba.org
> Sent: Thursday, January 03, 2002 5:18 AM
> Subject: Re: I have a "new not syn" packet needed
>
>
> Jim, thank you for answering me.
>
> But I don't know what you mean about "2002 prefix". What's this? Maybe I
> use it and don't know....
> ----- Original Message -----
> From: Jim Fleming
> To: Bruno Negrão
> Sent: Thursday, January 03, 2002 2:00 PM
> Subject: Re: I have a "new not syn" packet needed
>
>
>
> Do you use a 2002 prefix ?
>
> Jim Fleming
> 2002:[IPv4]:000X:03DB
> http://www.IPv8.info
>
>
> ----- Original Message -----
> From: Bruno Negrão
> To: netfilter@lists.samba.org
> Sent: Thursday, January 03, 2002 5:04 AM
> Subject: I have a "new not syn" packet needed
>
>
> Hi all,
>
> I have configured my iptables rules to block every new not syn
> packet. The rule is:
> iptables -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP.
>
> The problem is that there are some sites that I can't browse from my
> firewall box (for example, the "login" page in the redhat's site).
> I read in the iptables Tutorial that "new not syn" packets are not
> used in the standard implementations.
>
> Could someone give me some opinions about this subject? How must I
> proceed? (Do I block all new not syn packets?)
> Also, could someone explain to me what the syn bit is?
> Below is the log of the dropped new not syn packet originated from my
> firewall (SRC=200.195.39.14):
>
> Jan 3 16:27:20 15bis kernel: New not syn:IN= OUT=eth0
> SRC=200.195.39.14 DST=216.148.218.197 LEN=40 TOS=0x00 PREC=0x00 TTL=64
> ID=5376 PROTO=TCP SPT=1035 DPT=80 WINDOW=6432 RES=0x00 ACK PSH FIN URGP=0
>
> Thank you,
> -----------------------------------------------
> -- Bruno Negrão -- Suporte
> -- Plugway Acesso Internet Ltda.
> -- (31)34812311
> -- bnegrao@plugway.com.br
>
>
>
>
>
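
Added example, not part of the original thread: a small Python parser for the kernel log format quoted in the first message, which pulls the TCP flags out of "New not syn" entries and labels what kind of non-SYN packet the rule dropped. The function names and category labels are assumptions made for illustration; the first sample line is the entry from the post and the second is constructed.

```python
import re

# Flag names the netfilter LOG target prints as bare words after RES=0x..
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

# Line 1 is the entry quoted in the post (unwrapped); line 2 is constructed.
SAMPLE_LOG = """\
Jan 3 16:27:20 15bis kernel: New not syn:IN= OUT=eth0 SRC=200.195.39.14 DST=216.148.218.197 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=5376 PROTO=TCP SPT=1035 DPT=80 WINDOW=6432 RES=0x00 ACK PSH FIN URGP=0
Jan 3 16:30:02 15bis kernel: New not syn:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=101 PROTO=TCP SPT=1040 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
"""

def parse_entry(line, prefix="New not syn:"):
    """Return the KEY=VALUE fields plus a 'flags' set, or None if no match."""
    if prefix not in line or "PROTO=TCP" not in line:
        return None
    body = line.split(prefix, 1)[1]
    fields = dict(re.findall(r"(\w+)=(\S*)", body))
    # Flags sit between RES=... and URGP=...; look only there so a token
    # elsewhere in the line is never mistaken for a flag.
    m = re.search(r"RES=\S+\s+(.*?)\s*URGP=", body)
    words = m.group(1).split() if m else []
    fields["flags"] = {w for w in words if w in TCP_FLAGS}
    return fields

def classify(flags):
    """Label a packet that matched '--state NEW' without being a plain SYN."""
    # iptables --syn: SYN set with ACK, RST and FIN clear.
    if "SYN" in flags and not flags & {"ACK", "RST", "FIN"}:
        return "plain SYN (would not match '! --syn')"
    if "RST" in flags:
        return "reset for a connection conntrack has no entry for"
    if "FIN" in flags:
        return "teardown segment for a connection conntrack has no entry for"
    if flags in ({"ACK"}, {"ACK", "PSH"}):
        return "mid-stream segment with no tracked connection"
    return "unusual flag combination, inspect manually"

def triage(log_text):
    """Return (src, dst, dport, sorted flags, label) for each matching line."""
    out = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e:
            out.append((e["SRC"], e["DST"], int(e["DPT"]), sorted(e["flags"]), classify(e["flags"])))
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

For the entry from the post, the flags are ACK, PSH and FIN, so it is labelled as a teardown segment rather than a connection attempt.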