Re: iptables reject with TCP RST

To: debian-user@lists.debian.org
Subject: Re: iptables reject with TCP RST
From: "Tom Reed" <tom@dkinbox.com>
Date: Mon, 15 May 2023 09:10:24 +0800
Message-id: <[🔎] 20279042478c05085232c7a95e64f967.squirrel@dkinbox.com>
In-reply-to: <ZGESxfYzBCE/nPcq@bitfolk.com>
References: <[🔎] 8845e974c6c329fd9fed4fc159b9aa78.squirrel@dkinbox.com> <ZGESxfYzBCE/nPcq@bitfolk.com>

>
> so whatever your 193.106.250.x host is, maybe it did indeed block
> the packets itself, but would be good to verify.
>

Hello

I have checked for details but didn't get the luck.

My destination host does have the rules:

REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
reject-with tcp-reset


And I telnet from two different DCs (one is Dallas, another is LA), both
got timeout, rather than the expected disconnection quickly.

$ telnet 193.106.250.86 587
Trying 193.106.250.86...
telnet: Unable to connect to remote host: Connection timed out


If I clean iptables in the destination host, this telnet will get success
at once.

Any hints?

Thanks.


-- 
sent from https://dkinbox.com/

Reply to:

Follow-Ups:
- Re: iptables reject with TCP RST
  - From: Andy Smith <andy@strugglers.net>

References:
- iptables reject with TCP RST
  - From: "Tom Reed" <tom@dkinbox.com>
- Re: iptables reject with TCP RST
  - From: Andy Smith <andy@strugglers.net>

Prev by Date: Re: No space left on device ...
Next by Date: Re: iptables reject with TCP RST
Previous by thread: Re: iptables reject with TCP RST
Next by thread: Re: iptables reject with TCP RST
Index(es):
- Date
- Thread