David Hoffman wrote:
Is there a way to tell the reason for rejection or the state of a packet from the log entry that IPTables generates? Here is an example of a log entry that I saw. AFTER valid traffic was accepted, an SMTP session was set up, and postfix rejected the mail with an error code, I saw this message in my log:
Apr 10 06:40:29 master kernel: IN=eth1 OUT=MAC=00:50:ba:49:d8:aa:00:20:78:db:4f:3f:08:00 SRC=220.117.112.56 DST=192.168.158.1 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=54733 PROTO=TCP SPT=3705 DPT=25 WINDOW=0 RES=0x00 RST URGP=0
This is an incoming, not an outgoing, packet. It contains the RST flag, which would cause the connection to be terminated.
Oh, and BTW, the above tells me (based on IP addresses) there is (probably) an NAT firewall doing DNAT before that packet hit the firewall on your mail server. It might be that something got blocked on that upstream NAT firewall. Another thing that I haven't mentioned in my previous mail is that you might have blocked some ICMP traffic that shouldn't be blocked (either on the machine in question or on the upstream NAT firewall).
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
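The reading of the log entry given in the reply above (incoming packet, RST set) can be reproduced mechanically. The following is an added example, not part of the original thread; the function names parse_log and describe are hypothetical, and the sample is the log line quoted in the message.

```python
import re

# Log line copied from the message above.
SAMPLE = (
    "Apr 10 06:40:29 master kernel: IN=eth1 "
    "OUT=MAC=00:50:ba:49:d8:aa:00:20:78:db:4f:3f:08:00 "
    "SRC=220.117.112.56 DST=192.168.158.1 LEN=40 TOS=0x00 PREC=0x00 "
    "TTL=108 ID=54733 PROTO=TCP SPT=3705 DPT=25 WINDOW=0 RES=0x00 RST URGP=0"
)

TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
# KEY=value; a value stops at whitespace or where the next KEY= begins, so the
# run-together "OUT=MAC=..." still yields an empty OUT and a separate MAC.
FIELD = re.compile(r"([A-Z]+)=((?:(?![A-Z]+=)\S)*)")


def parse_log(line):
    """Return (fields, flags) for one netfilter LOG line."""
    start = re.search(r"\bIN=", line)
    if start is None:
        raise ValueError("not a netfilter LOG line")
    body = line[start.start():]
    fields = {}
    for key, value in FIELD.findall(body):
        fields.setdefault(key, value)  # first occurrence of a key wins
    # TCP flags are logged as bare tokens (no "="), e.g. "RST" but not "URGP=0".
    flags = [tok for tok in body.split() if tok in TCP_FLAGS]
    return fields, flags


def describe(line):
    """Summarise direction, endpoints and TCP flags of a logged packet."""
    fields, flags = parse_log(line)
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        direction = "forwarded"   # both interfaces set: FORWARD path
    elif has_in:
        direction = "incoming"    # IN set, OUT empty: destined for this host
    else:
        direction = "outgoing"    # only OUT set: locally generated
    return {
        "direction": direction,
        "src": f'{fields.get("SRC")}:{fields.get("SPT")}',
        "dst": f'{fields.get("DST")}:{fields.get("DPT")}',
        "proto": fields.get("PROTO"),
        "flags": flags,
        "reset": "RST" in flags,
    }


if __name__ == "__main__":
    print(describe(SAMPLE))
```

The LOG target prints packet headers only; which rule logged the packet is visible only if that rule sets --log-prefix.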