Packets dropped by iptables

Juan L. Pastor seguridadlinux at yahoo.es
Tue Oct 12 19:21:07 UTC 2004


Hi,

I have set up iptables according to the documentation on the iptables
page and the example at
http://www.brandonhutchinson.com/iptables_fw.html

My current setup (/etc/sysconfig/iptables) is:

# Generated by iptables-save v1.2.9 on Mon Oct 11 12:11:44 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.4 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j LOGDROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A LOGDROP -j LOG --log-level 7 --log-prefix "Bad packet from eth0:"
-A LOGDROP -j DROP
COMMIT
# Completed on Mon Oct 11 12:11:44 2004

I use aMule software, and I read on the amule firewall how-to at
http://www.amule.org/wiki/index.php/Firewall that I should accept tcp
port XX, udp port XX+3 and udp port YY, with XX and YY the TCP and UDP
ports set up in amule. I didn't add these rules, as I see no difference
between having them or not, as it is my machine that initiates
the connection, and I have the following rule:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

But when I look at the log, I see lots of:

Oct 12 21:18:26 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT=
MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=80.25.178.113
DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=28653 PROTO=TCP
SPT=4662 DPT=36455 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct 12 21:18:50 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT=
MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=82.82.102.218
DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=24226 PROTO=TCP
SPT=4662 DPT=36563 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct 12 21:18:52 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT=
MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=62.48.113.158
DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=21077 PROTO=TCP
SPT=4662 DPT=36569 WINDOW=0 RES=0x00 ACK RST URGP=0

I think these are acknowledge packets, and they should be accepted (BTW,
4662 is my TCP port for amule). Why are they not accepted by the above
rules (state ESTABLISHED) and how can I accept these dropped packets?

Juan

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
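
Added example, not part of the original post: a small parser for the kernel LOG entries quoted above that groups dropped packets by protocol, source port and TCP flags, which makes it easy to see what kind of traffic is reaching the LOGDROP chain. The function names are hypothetical, and the sample input is constructed from the three quoted entries, each joined onto one line.

```python
from collections import Counter

# Constructed sample: the three entries from the post, unwrapped to one line each.
SAMPLE_LOG = """\
Oct 12 21:18:26 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT= MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=80.25.178.113 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=28653 PROTO=TCP SPT=4662 DPT=36455 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct 12 21:18:50 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT= MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=82.82.102.218 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=24226 PROTO=TCP SPT=4662 DPT=36563 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct 12 21:18:52 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT= MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=62.48.113.158 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=21077 PROTO=TCP SPT=4662 DPT=36569 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

# Flag names as the kernel LOG target prints them (bare tokens, no "=").
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
# Must match the --log-prefix used in the LOGDROP rule.
PREFIX = "Bad packet from eth0:"


def parse_log_line(line, prefix=PREFIX):
    """Return the KEY=value fields plus a 'FLAGS' tuple, or None if the
    line does not carry our log prefix."""
    _, found, body = line.partition(prefix)
    if not found:
        return None
    fields, flags = {}, []
    for token in body.split():
        key, eq, value = token.partition("=")
        if eq:
            fields[key] = value          # e.g. SRC=..., SPT=..., OUT= (empty)
        elif token in TCP_FLAGS:
            flags.append(token)          # e.g. ACK, RST
    fields["FLAGS"] = tuple(sorted(flags))
    return fields


def summarize(log_text):
    """Count logged packets by (protocol, source port, TCP flags)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt:
            counts[(pkt.get("PROTO"), pkt.get("SPT"), pkt["FLAGS"])] += 1
    return counts


if __name__ == "__main__":
    for (proto, spt, flags), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {proto} sport={spt} flags={'+'.join(flags) or '-'}")
```
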



