telnet on local LAN question
Paul Allen Newell
pnewell at cs.cmu.edu
Thu Aug 18 05:21:24 UTC 2011
partial answers to two replies ...
On 8/17/2011 6:07 AM, Rick Sewill wrote:
> May I suggest inserting an entry, at this spot, for mail, something like the
> following.
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
> The goal of the previous line is to jump to "ACCEPT" for any mail packet
> establishing a new connection.
>
> Instead of the above line, you might want to specify a source IP address range
> to limit which IP addresses can send mail to your machine.
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -s 192.168.2.0/24 -j ACCEPT
On 8/17/2011 12:49 PM, Roberto Ragusa wrote:
> I would have just duplicated the ssh rule, which works, for port 23.
>
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
>
First, there are other parts of your email that I need to reply to
separately; I just wanted to group the two actions into a single email.
I tried what you suggested, ending up with iptables of:
+++
[...]
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:23
6 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
+++
and a second version of:
+++
[...]
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 192.168.2.0/24 0.0.0.0/0 state NEW tcp dpt:23
6 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
+++
I ran the tests again and observed that:
telnet <name> 23 returns with Connection refused
telnet <name> 25 returns with No route to host
telnet <name> returns with Connection refused
This confirms that the rules are doing something, just not what I want
Looking in the /var/log/messages of the machine I am trying to telnet
to, I think I am seeing a change in which the following is printed out
(the first is for either the telnet to 23 or the generic telnet and the
second is the telnet to 25):
+++
Aug 17 21:24:07 chalupa kernel: [ 4661.818442] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00 SRC=192.168.2.100 DST=192.168.2.255 LEN=234 TOS=0x00 PREC=0x00 TTL=128 ID=63637 PROTO=UDP SPT=138 DPT=138 LEN=214
Aug 17 21:25:14 chalupa kernel: [ 4728.256249] IN=eth0 OUT= MAC=00:e0:81:00:4c:b0:00:e0:81:00:62:94:08:00 SRC=192.168.2.11 DST=192.168.2.10 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=53181 DF PROTO=TCP SPT=34288 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
+++
What is puzzling is that I see the dport is no longer 23, it's 138 and
the PROTO is now UDP instead of TCP (???)
I also noticed that I began seeing one of the new messages showing up in
the log of the machine sending the request (when I was trying to have
iptable entries for them, all three tests would show up in destination
machine log)
I tried dropping my firewall and all security on my Linksys WRT54GL
(test machines are wired connections into it) and only the telnet 25
shows up in logs ... all other messages are gone. The telnet requests
didn't make it through with firewall/security down.
I don't even know what question to ask at this point. It feels like
progress (and I can send a full dump of everything) and I certainly have
a better understanding of iptables, but the dport/PROTO change is left
field to me.
Thanks,
Paul
ps: other questions from all replies answered in another email ... I've
got this testing down to a point where I can restore to a known state
with confidence
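Added example (not part of the thread): a small Python script that parses netfilter LOG lines of the kind quoted above and replays each packet against the second INPUT chain from the message (ACCEPT NEW tcp/22, ACCEPT NEW tcp/23 from 192.168.2.0/24, LOG, REJECT). Running it over the two logged packets shows why neither of them is the telnet-to-23 test: the first is a UDP broadcast to port 138 (NetBIOS datagram service) from another host on the LAN, the second is the SMTP SYN, and no rule accepts either, so both fall through to LOG and then REJECT. A SYN to port 23 from a 192.168.2.x address matches rule 5 and is never logged; a "Connection refused" on that port is then a TCP reset from a host with no telnet listener, whereas "No route to host" is what REJECT with icmp-host-prohibited produces. The conntrack-state check is simplified (a TCP SYN without ACK, or any UDP datagram, is treated as NEW); the chain and the extra test packets are constructed for illustration.

```python
"""Replay netfilter LOG lines against a simplified copy of the poster's INPUT chain.

Constructed example; the two SAMPLE_LOG lines are copies of those in the message,
the chain mirrors the second 'iptables -L -n' listing (rules 4-7).
"""
import ipaddress
import re

SAMPLE_LOG = """\
Aug 17 21:24:07 chalupa kernel: [ 4661.818442] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00 SRC=192.168.2.100 DST=192.168.2.255 LEN=234 TOS=0x00 PREC=0x00 TTL=128 ID=63637 PROTO=UDP SPT=138 DPT=138 LEN=214
Aug 17 21:25:14 chalupa kernel: [ 4728.256249] IN=eth0 OUT= MAC=00:e0:81:00:4c:b0:00:e0:81:00:62:94:08:00 SRC=192.168.2.11 DST=192.168.2.10 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=53181 DF PROTO=TCP SPT=34288 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")
FLAG_WORDS = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "CE", "MF"}


def parse_log_line(line):
    """Return the KEY=VALUE fields of one LOG line plus a 'flags' set of bare words.

    LEN appears twice (IP header and UDP header); the later value wins, which is
    fine for this purpose.
    """
    kernel_part = line.split("kernel:", 1)[1]
    fields = dict(FIELD_RE.findall(kernel_part))
    fields["flags"] = {tok for tok in kernel_part.split() if tok in FLAG_WORDS}
    return fields


def is_new(pkt):
    """Simplified conntrack NEW: TCP SYN without ACK, or any UDP datagram."""
    if pkt["PROTO"] == "TCP":
        return "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]
    return True


class Rule:
    """One iptables rule: optional proto / dport / source network / state match."""

    def __init__(self, target, proto=None, dport=None, src=None, state=None):
        self.target, self.proto, self.dport, self.state = target, proto, dport, state
        self.src = ipaddress.ip_network(src) if src else None

    def matches(self, pkt):
        if self.proto and pkt["PROTO"].lower() != self.proto:
            return False
        if self.dport is not None and int(pkt.get("DPT", -1)) != self.dport:
            return False
        if self.src and ipaddress.ip_address(pkt["SRC"]) not in self.src:
            return False
        if self.state == "NEW" and not is_new(pkt):
            return False
        return True


# Rules 4-7 of the second listing in the message (earlier rules elided there too).
INPUT_CHAIN = [
    Rule("ACCEPT", proto="tcp", dport=22, state="NEW"),
    Rule("ACCEPT", proto="tcp", dport=23, state="NEW", src="192.168.2.0/24"),
    Rule("LOG"),
    Rule("REJECT"),  # reject-with icmp-host-prohibited
]


def walk_chain(pkt, chain=INPUT_CHAIN):
    """Targets hit in order; LOG does not terminate, ACCEPT and REJECT do."""
    hits = []
    for rule in chain:
        if rule.matches(pkt):
            hits.append(rule.target)
            if rule.target != "LOG":
                break
    return hits


def explain(pkt):
    """Describe a packet, the targets it hits, and what the client would see."""
    hits = walk_chain(pkt)
    where = f"{pkt['PROTO']} {pkt['SRC']}:{pkt.get('SPT', '?')} -> {pkt['DST']}:{pkt.get('DPT', '?')}"
    if hits[-1] == "REJECT":
        note = "rejected with icmp-host-prohibited; a TCP client reports 'No route to host'"
    else:
        note = "accepted by the firewall; 'Connection refused' now means nothing is listening"
    return where, hits, note


def replay(log_text):
    return [explain(parse_log_line(l)) for l in log_text.splitlines() if "kernel:" in l]


if __name__ == "__main__":
    for where, hits, note in replay(SAMPLE_LOG):
        print(where, "->", " then ".join(hits), "|", note)
```

Both packets quoted in the message print "LOG then REJECT"; to check the telnet path itself, feed `walk_chain` a constructed TCP SYN line with `DPT=23` and a 192.168.2.x `SRC` and it returns `["ACCEPT"]`, while the same SYN from an address outside that network returns `["LOG", "REJECT"]`.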