[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    This is confusing me!
From:       "Herbert J. Skuhra" <h.j.s () gmx ! at>
Date:       2002-05-26 21:41:52
[Download RAW message or body]

Hei!

I am running IPFilter 3.4.27 on FreeBSD 4.6RC2. Well everything is
working fine, but one thing is confusing me. I hope some one can
enlighten me:

My ipf.conf has 17 rules and on line 15 I have a "block return-rst in
log quick on xl0 proto tcp all". Earlier I block some special ips and
pass in port 22, 80, 443. So when I telnet to my ip and choose a random
port it is blocked and I get immediately a connection refused. OK, looks
good.
But when I do a "$telnet <my ip> 111" I get "Operation timed out" after
about 75 seconds. If I run portscanner <my ip> 110 112 only 110 and
112 are blocked. 

OK I have created a file for ipftest that contains the following lines: 

in on xl0 tcp <foreign ip>,1345 <my ip>,110
in on xl0 tcp <foreign ip>,1345 <my ip>,111
in on xl0 tcp <foreign ip>,1345 <my ip>,112

The result of "# ipftest -r /etc/ipf.conf -i ipftest" is:

# ipftest -r /etc/ipf.conf -i ipftest
opening rule file "/etc/ipf.conf"
input: in on xl0 tcp <foreign ip>,1345 <my ip>,110
block return-rst ip 40(20) 6 <foreign ip>,1345 > <my ip>,110
--------------
input: in on xl0 tcp <foreign ip>,1345 <my ip>,111
block return-rst ip 40(20) 6 <foreign ip>,1345 > <my ip>,111
--------------
input: in on xl0 tcp <foreign ip>,1345 <my ip>,112
block return-rst ip 40(20) 6 <foreign ip>,1345 > <my ip>,112
--------------

foreign ip ... a friends computer where I run the telnet commands.

So why do I get an "operation timed out" only on port 111?
No matter if I run portmap (sunrpc, 111) or not.
Maybe I had to much vodka the previous days? Any comments welcome!
Thanks!

Regards,
Herbert
[prev in list] [next in list] [prev in thread] [next in thread]