Re: New not syn: IN =OUT=eth1
Vladimir Zolotykh wrote:
I'm new both to this mailing list and firewalls.
I set up a simple firewall and SNAT using iptables. All works fine
except that sometimes I see the following in the /var/log/syslog
Mar 30 08:54:23 dobby kernel: New not syn:IN= OUT=eth1 SRC=322.214.171.124 \
DST=3126.96.36.199 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=60918 DF PROTO=TCP \
SPT=32804 DPT=119 WINDOW=31856 RES=0x00 ACK PSH FIN URGP=0
Could you please tell me what might be the probable reason for these
messages? The actual rule that produces them is
iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
iptables -N bad_tcp_packets
iptables -A INPUT -p tcp -j bad_tcp_packets
iptables -A FORWARD -p tcp -j bad_tcp_packets
iptables -A OUTPUT -p tcp -j bad_tcp_packets
The mentioned above errors appear when I get news using email client
Sylpheed on the machine where iptables command are executed e.g press
Get all button in the email client. What I specially would like to be
told of is:
1) Could the mistake in the firewall settings be the likely reason
for this error messages or not?
2) What does IN= OUT=eth1 mean ? I'd think it should be IN or OUT
not both at the same time.
Thanks in advance
"IN=" indicates the interface a packet came in on, "OUT=" indicates the
interface a packet went out on. "IN= OUT=eth1" means that it is a
packet originating from your machine and going out on the eth1
interface. There is no value for "IN=" because the packet didn't come
in on any interface.
I hope this helps.
Utica College Department of
Integrated Information Technology Services
Data Processing Office
Registered Linux User #408177