On 04.06.2008 14:05, Simon Slater wrote:
| On Wed, 2008-06-04 at 10:05 +0200, François Patte wrote:
|> On 04.06.2008 01:03, Simon Slater wrote:
|> |
|
| These are the type of logs now. None of these are appearing in timing
| with requests to the Internet from the laptop:
|
| [root@ipex ~]# tail /var/log/messages
| Jun 4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
| SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
| ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
| Jun 4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
| SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104
| ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0

Someone in Tahiti is scanning your computer.... No danger though!

| [root@ipex ~]#
|
| However, when request to the Internet from the desktop:
|
| Jun 4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0
| SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64
| ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

No problem here: every packet escaping from your desktop uses the
"postrouting" chain.... And is logged by the rule.

What is strange: we never see any request from the laptop: we should see
some logged packets with SRC=laptop IP (192.168.0.6 as you said).

What is the IP of eth0 on your desktop? (ifconfig -a)

|
| [root@ipex ~]# lsmod | grep -i masquerade
| ipt_MASQUERADE 7873 1
| ip_nat 22253 2 ipt_MASQUERADE,iptable_nat
| ip_conntrack 56993 6
| ip_conntrack_ftp,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat,xt_state
| x_tables 18501 12
| ipt_MASQUERADE,iptable_nat,xt_state,ip_tables,xt_multiport,ip6_tables,xt_mark,xt_MARK,ipt_LOG,ipt_REJECT,ip6t_REJECT,xt_tcpudp

OK

| [root@ipex ~]#
|
| Should this give something else?
|
| [root@ipex ~]# netstat -M
| netstat: no support for `ip_masquerade' on this system.

I think that this is a deprecated option or that it doesn't work with
iptables... maybe some backward compatibility with ipchains....

-- 
François Patte
UFR de mathématiques et informatique
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tel. +33 (0)1 44 55 35 61
http://www.math-info.univ-paris5.fr/~patte
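
Added example (not part of the original message, and not code from either poster): a small Python parser for the iptables LOG lines quoted above. It groups entries by log prefix and source address and checks whether any packet from the laptop address 192.168.0.6 was logged. It assumes the rules use bracketed log prefixes as shown in the message; the function names are hypothetical.

```python
import re
from collections import Counter

# Kernel log lines quoted in the message above, with the mail wrapping undone.
SAMPLE_LOG = """\
Jun 4 21:41:35 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=5893 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:41:38 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.185.178.251 DST=59.101.218.205 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=5938 DF PROTO=TCP SPT=63507 DPT=26958 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 4 21:59:31 ipex kernel: [IPTABLES MASQ]IN= OUT=ppp0 SRC=59.101.218.205 DST=203.63.53.112 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3672 DF PROTO=TCP SPT=48673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Assumption: the --log-prefix is bracketed, with or without " : " before IN=.
LINE_RE = re.compile(r"kernel: (?P<prefix>\[[^\]]*\])[\s:]*(?P<body>IN=.*)$")

def parse_line(line):
    """Return a dict for one iptables LOG line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    entry = {"prefix": m.group("prefix"), "flags": []}
    for token in m.group("body").split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value            # KEY=value fields; value may be empty
        else:
            entry["flags"].append(token)  # bare words such as DF, SYN
    return entry

def parse_log(text):
    """Parse every iptables LOG line in text, skipping unrelated lines."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def sources_by_prefix(entries):
    """Count logged packets per (log prefix, source address)."""
    return Counter((e["prefix"], e.get("SRC", "")) for e in entries)

def seen_from(entries, src_ip, prefix=None):
    """Entries whose SRC is src_ip, optionally limited to one log prefix."""
    return [e for e in entries
            if e.get("SRC") == src_ip and prefix in (None, e["prefix"])]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for (prefix, src), n in sorted(sources_by_prefix(entries).items()):
        print(f"{prefix:18} SRC={src:16} packets={n}")
    # The laptop address given in the thread; zero hits matches what was observed.
    print("laptop packets logged:", len(seen_from(entries, "192.168.0.6")))
```
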