New not syn: IN= OUT=eth1
Hi
I'm new both to this mailing list and firewalls.
I set up a simple firewall and SNAT using iptables. All works fine,
except that sometimes I see the following in /var/log/syslog:
Mar 30 08:54:23 dobby kernel: New not syn:IN= OUT=eth1 SRC=314.12.142.106 \
DST=314.12.128.3 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=60918 DF PROTO=TCP \
SPT=32804 DPT=119 WINDOW=31856 RES=0x00 ACK PSH FIN URGP=0
Could you please tell me what might be the probable reason for these
messages? The actual rule that produces them is:
iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
where:
iptables -N bad_tcp_packets
iptables -A INPUT -p tcp -j bad_tcp_packets
iptables -A FORWARD -p tcp -j bad_tcp_packets
iptables -A OUTPUT -p tcp -j bad_tcp_packets
The errors mentioned above appear when I get news using the email client
Sylpheed on the machine where the iptables commands are executed, e.g. when
I press the "Get all" button in the email client. What I would especially
like to know is:
1) Could a mistake in the firewall settings be the likely reason
for these error messages, or not?
2) What does IN= OUT=eth1 mean? I'd think it should be IN or OUT,
not both at the same time.
Thanks in advance
--
Vladimir Zolotykh
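As an added example (not part of the post or the list thread), the following Python script parses the LOG line quoted above and derives, from the IN=/OUT= fields, which of the three chains that jump to bad_tcp_packets logged the packet: an empty IN= together with OUT=eth1 is how the LOG target reports a packet generated on the firewall host itself, i.e. one that traversed OUTPUT. It also extracts the bare TCP flag tokens (ACK PSH FIN) to show that the packet carried no SYN. The function and field names are my own.

```python
import re

# Sample log line, constructed here by joining the wrapped line quoted in the post
# (the 314.x.x.x addresses are the post's own placeholder values).
SAMPLE = ("Mar 30 08:54:23 dobby kernel: New not syn:IN= OUT=eth1 "
          "SRC=314.12.142.106 DST=314.12.128.3 LEN=65 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=60918 DF PROTO=TCP SPT=32804 DPT=119 WINDOW=31856 RES=0x00 "
          "ACK PSH FIN URGP=0")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_iptables_log(line):
    """Split an iptables LOG line into its --log-prefix, KEY=VALUE fields and
    bare tokens (DF plus the TCP flags, which the LOG target prints without '=')."""
    m = re.search(r"kernel:\s*(?P<prefix>.*?)(?P<fields>IN=.*)$", line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val          # IN= yields an empty string, not a missing key
        else:
            flags.add(tok)
    return {"prefix": m.group("prefix").strip(), "fields": fields, "flags": flags}


def describe(rec):
    """Derive which chain logged the packet from IN=/OUT=, and whether it is a
    TCP packet that conntrack treated as NEW although it carries no SYN."""
    f, flags = rec["fields"], rec["flags"]
    if not f.get("IN") and f.get("OUT"):
        chain = "OUTPUT"     # no input interface: generated on this host
    elif f.get("IN") and not f.get("OUT"):
        chain = "INPUT"      # arrived on an interface, delivered locally
    elif f.get("IN") and f.get("OUT"):
        chain = "FORWARD"    # routed from one interface to another
    else:
        chain = "UNKNOWN"
    return {
        "chain": chain,
        "tcp_flags": sorted(flags & TCP_FLAGS),
        "new_not_syn": f.get("PROTO") == "TCP" and "SYN" not in flags,
        "dst_port": f.get("DPT"),
    }


if __name__ == "__main__":
    rec = parse_iptables_log(SAMPLE)
    print(rec["prefix"], describe(rec))
```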