Re: newbie iptables question
On 14 Aug 2004, s. keeling wrote:
> Incoming from Bernd Eckenfels:
>> In article <[🔎] 20040814044233.GG18309@infidel.spots.ab.ca> you wrote:
>>>>>> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
>>>>>> SRC=22.214.171.124 DST=126.96.36.199 LEN=48 TOS=0x00 PREC=0x00 TTL=115
>>>>>> ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>>> It all depends on whether you have services running on your machine
>>> that listen on DPT (445 in this case). If something is there to "pick
>>> up the phone" so to speak, anything can happen. That service could
>>> answer on another port altogether.
>> Well, you need to check if DST= is a local address, anyway.
> Are you suggesting that I might see stuff in my logs that was destined
> for a foreign IP?
Not often, but occasionally, depending on how your ISP connects you to
the Internet. It is most common on a LAN or a cable setup.
> If so, that would make me an open mail relay, no?
No. Being an open mail relay would make you an open mail relay. Your
firewall has pretty much nothing to do with that -- only the
configuration of your mail server really matters.
Have you considered using some sort of friendly setup, such as shorewall
or firehol, to deal with the technical details of firewalling for you?
I sounds like you are pretty unsure on your feet here, and those tools
take a lot of the uncertainty out of building a firewall...
We can keep from a child all knowledge of earlier myths, but
we cannot take from him the need for mythology.
-- Carl Jung