[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Ipnat interfering with ipfilter?
From:       Carlos Villegas <villegas () math ! gatech ! edu>
Date:       2003-02-24 16:48:31
[Download RAW message or body]


Exactly, so it means that the packets are being dropped even before they
reach your machine. It would be very reasonable for them to block a
trouble port (like elite), so the ones you see as filtered, are not in
fact even reaching your machine (add logging and see for your self).

Carlos

> > You're being firewalled by your ISP (I know you said you're checking from
> > their "inside"), but take a look at the nmap output. The Elite port shows
> > there, however you have no explicit rule for it on your filtering/natting
> > rules.
>
> Shouldn't that be caught by the DEFAULT_BLOCK bit in the kernel though, and
> then be told to return-rst by the last TCP rule?  I find it strange that
> every port gets a rst except those few?
>
>  - Philip [confused]
[prev in list] [next in list] [prev in thread] [next in thread]