Re: iptables reject with TCP RST
Hello,
On Mon, May 15, 2023 at 09:40:10AM +0800, Tom Reed wrote:
> Yes after each telnet from client host, the count was increased.
>
> 0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:imaps reject-with tcp-reset
> 0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:imap2 reject-with tcp-reset
> 99 4620 REJECT tcp -- any any anywhere anywhere tcp dpt:submission reject-with tcp-reset
In that case, we must conclude that the TCP RST being sent back never
gets to your source host.
You can try a tcpdump at both ends that shows only RST packets:
# tcpdump -n -v "tcp[tcpflags] & (tcp-rst) != 0"
then when you do the telnet, do you see a packet with "Flags [R…]"
at both server side and client side?
You could also try --reject-with icmp-port-unreachable to see if
that behaves differently.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
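The two-ended tcpdump comparison Andy suggests, as an added example that is not part of the thread: it parses the "Flags [R…]" lines from a server-side and a client-side capture and reports any RST the server emitted that the client never saw. The capture text is constructed (addresses, ports and timestamps are made up), and the regex assumes tcpdump's standard "src.port > dst.port: Flags [..]" line layout, which is the same with or without -v.

```python
import re

# Address/flags part of a tcpdump TCP line, e.g.
#   198.51.100.5.587 > 192.0.2.10.51234: Flags [R.], seq 0, ...
# With -v this is the second line of each packet; without -v it follows the
# timestamp on one line. The regex is searched per line, so both work.
TCP_LINE = re.compile(
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def rst_flows(lines):
    """Set of (src, sport, dst, dport) for every packet whose flags contain R,
    i.e. what tcpdump's 'tcp[tcpflags] & (tcp-rst) != 0' filter selects."""
    flows = set()
    for line in lines:
        m = TCP_LINE.search(line)
        if m and "R" in m.group("flags"):
            flows.add((m.group("src"), int(m.group("sport")),
                       m.group("dst"), int(m.group("dport"))))
    return flows

def missing_at_client(server_lines, client_lines):
    """RSTs seen at the server that never reached the client. A non-empty
    result means something on the path is dropping the reset."""
    return rst_flows(server_lines) - rst_flows(client_lines)

# Constructed sample captures (not real traffic), taken without the RST-only
# filter so the parser's handling of non-RST lines is visible. The server
# answers the SYN to submission (587) with a reset; the client capture shows
# only its own SYN and a retransmitted SYN, never the RST.
SERVER_CAPTURE = """\
09:40:10.100001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51234 > 198.51.100.5.587: Flags [S], seq 100, win 64240, length 0
09:40:10.100050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    198.51.100.5.587 > 192.0.2.10.51234: Flags [R.], seq 0, ack 101, win 0, length 0
""".splitlines()

CLIENT_CAPTURE = """\
09:40:10.099000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51234 > 198.51.100.5.587: Flags [S], seq 100, win 64240, length 0
09:40:11.101000 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51234 > 198.51.100.5.587: Flags [S], seq 100, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for flow in sorted(missing_at_client(SERVER_CAPTURE, CLIENT_CAPTURE)):
        print("RST sent by server but not seen at client:", flow)
```

Feed it the real output of the tcpdump command above from each host (one file per side) in place of the constructed lists; an empty result with the REJECT counter still rising points at the client rather than the path.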