Re: newbie iptables question
"s. keeling" <keeling@spots.ab.ca> wrote in message news:<2sOYz-7Xu-15@gated-at.bofh.it>...
> Incoming from Wanda Round:
> > After reading that I should look through /var/log/messages, I did
> > and found many lines like these:
> >
> > Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
> > SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
> > ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>
> - It came in over ppp0.
>
> - It didn't get back out.
>
> - No network card was involved.
>
> - It came from 201.129.122.85
>
> - Your IP was 12.65.24.43
>
> - [Other stuff]
>
> - It was TCP protocol (as opposed to UDP, ICMP, ...)
>
> - It came from their port #4346.
>
> - It went at your port #445.
>
> - [Other stuff]
>
> The only thing I tend to care about is:
>
> - What, on my machine, is at port #445 (nothing). "grep 445 /etc/services".
>
> - If it's an INcoming or OUTgoing packet, is it (related to)
> something I started?
>
> - Many things (like 53, DNS) are just idiots out there who (for
> whatever reason) think you are their nameserver. Ignore them.
>
> - Many hits on your box are from viruses and worms looking to infect
> your box. Ignore them.
>
> - Many hits are from spammers trying to find out if they can use you
> as an open mail relay. Ignore them.
>
S. Keeling,
Many thanks for the clear, tiny-bite answer! Which specific item
tells you that it "didn't get back out"?
You're saying that as long as the incoming doesn't get back out
I'm ok, correct?
Every line I saw in the /var/log/messages had the same kind of
thing only with different MAC addresses. Does this mean, FROM
THE LITTLE YOU'VE SEEN, that the iptables is doing a good job?
--
Wanda
Reply to: