Gentoo Archives: gentoo-user

From: James <wireless@×××××××××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: OT: iptables mac filtering
Date: Fri, 11 Aug 2006 21:44:57
Message-Id: loom.20060811T230121-160@post.gmane.org
In Reply to: Re: [gentoo-user] Re: OT: iptables mac filtering by Richard Fish
Richard Fish <bigfish <at> asmallpond.org> writes:

> > I need a rule on the 3 (nic) interface firewall so that only
> > ssh from the LAN is allowed to the firewall or systems (web
> > server, mail dns) in the DMZ. Only one static ip is routable
> > to this site. SSH from the outside should be completely blocked.

> # allow ssh connections from LAN to us
> iptables -A INPUT -i $IF_LAN -p tcp --dport 22 -j ACCEPT
> # allow routing of ssh connections from LAN to DMZ hosts
> iptables -A FORWARD -i $IF_LAN -o $IF_DMZ -p tcp --dport 22 -j ACCEPT
> # deny all other ssh connections
> iptables -A INPUT -p tcp --dport 22 -j DROP
> iptables -A FORWARD -p tcp --dport 22 -j DROP


Richard,

These rules worked like a charm. I had something similar, but had
the syntax messed up.
thx.

Now I have ONE big problem.
Spammers. (I think).

Running a sniffer between my firewall and the cable box's
ethernet (single static IP),
I see:

hackIP myIP TCP smtp > 55634 (RST,ACK) Seq=0 ACK=1 WIN=0 LEN=0 MSS=1460
myIP hackIP TCP 55634 > smtp (SYN) Seq=0 ACK=1 WIN=0 LEN=0
hackIP myIP TCP smtp > 55634 (RST,ACK) Seq=0 ACK=1 WIN=0 LEN=0 MSS=1460
myIP hackIP TCP 55634 > smtp (SYN) Seq=0 ACK=1 WIN=0 LEN=0
hackIP myIP TCP smtp > 55634 (RST,ACK) Seq=0 ACK=1 WIN=0 LEN=0 MSS=1460
myIP hackIP TCP 55634 > smtp (SYN) Seq=0 ACK=1 WIN=0 LEN=0

Last night I saw this for a while and then a storm of smtp traffic.
This site does not even run a mail server and all systems were
shut down except for the firewall and the sniffer.

This explains why this site is listed as a spammer site...
Somebody has been reflecting email off of this site for some time,
I suspect.

Got any idea for an (iptables) syntax to stop this? Do I need to
reinstall the system (gentoo-hardened firewall)???????

thoughts and ideas are welcome.

--
gentoo-user@g.o mailing list
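Added example, not part of this thread and not the reply James received: a POSIX sh firewall fragment that keeps Richard's four SSH rules exactly as quoted above and adds outbound SMTP handling for the problem James describes. In his capture the SYN to port 25 is sent by myIP, so the connection is being opened either by the firewall itself or by a host it forwards for; separate LOG rules in the OUTPUT and FORWARD chains make the kernel log say which, and the DROP rules behind them stop the traffic until the source is found. The interface names eth0/eth1/eth2, the optional MAIL_HOST (a single DMZ address still allowed to deliver mail), the DRY_RUN switch and the log prefixes are all assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the gentoo-user thread). Three-NIC firewall:
# WAN toward the cable box, LAN, DMZ. Interface names are assumptions.
IF_WAN=${IF_WAN:-eth0}
IF_LAN=${IF_LAN:-eth1}
IF_DMZ=${IF_DMZ:-eth2}
# Hypothetical: one DMZ host that is allowed to send mail out. Empty = nobody.
MAIL_HOST=${MAIL_HOST:-}
# DRY_RUN=1 only prints the iptables commands; DRY_RUN=0 applies them (needs root).
DRY_RUN=${DRY_RUN:-1}

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Richard Fish's SSH rules from the thread, unchanged apart from variable quoting.
ssh_rules() {
    ipt -A INPUT -i "$IF_LAN" -p tcp --dport 22 -j ACCEPT
    ipt -A FORWARD -i "$IF_LAN" -o "$IF_DMZ" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -j DROP
    ipt -A FORWARD -p tcp --dport 22 -j DROP
}

# Outbound SMTP: permit only the designated mail host (if any), log every other
# connection attempt (rate limited so a "storm" cannot flood syslog), then drop.
smtp_rules() {
    if [ -n "$MAIL_HOST" ]; then
        ipt -A FORWARD -i "$IF_DMZ" -o "$IF_WAN" -s "$MAIL_HOST" -p tcp --dport 25 -j ACCEPT
    fi
    # Attempts made by the firewall box itself go through OUTPUT ...
    ipt -A OUTPUT -o "$IF_WAN" -p tcp --dport 25 --syn -m limit --limit 5/min \
        -j LOG --log-prefix "SMTP-OUT-FW: "
    ipt -A OUTPUT -o "$IF_WAN" -p tcp --dport 25 -j DROP
    # ... attempts by LAN/DMZ hosts go through FORWARD; the log line carries the source IP.
    ipt -A FORWARD -o "$IF_WAN" -p tcp --dport 25 --syn -m limit --limit 5/min \
        -j LOG --log-prefix "SMTP-OUT-FWD: "
    ipt -A FORWARD -o "$IF_WAN" -p tcp --dport 25 -j DROP
}

apply_all() {
    ssh_rules
    smtp_rules
}

# Default run prints the ruleset; run as root with DRY_RUN=0 to install it.
apply_all
```

Run it once as shown to review the generated rules, then as root with `DRY_RUN=0`. After the rules are in place, the prefixes `SMTP-OUT-FW:` and `SMTP-OUT-FWD:` in the kernel log distinguish a compromised firewall (James's reinstall question) from a compromised host behind it; in the latter case the logged `SRC=` address names the machine to look at.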

Replies

Subject Author
Re: [gentoo-user] Re: OT: iptables mac filtering Richard Fish <bigfish@××××××××××.org>