On Tue, 2002-11-12 at 12:07, Steffen Dettmer wrote:
* Raymond Leach wrote on Tue, Nov 12, 2002 at 11:09 +0200:
Are you sure that no SMTP packet at all can reach your server? Then I would wonder why there are RST packets on the wire...
Yup, here's the rule for that server:
$IPTABLES -A INPUT -i $IFACE_INET -p tcp --dport 25 -d $IP_INET_WEB1 -j REJECT --reject-with tcp-reset
Well, wouldn't it be possible that the "--reject-with tcp-reset" generates the TCP RST packet?!
Yes, but then why is it generated as being from the targeted server instead of the firewall? That means that I have to allow the target server to 'respond' to smtp 25 packets with a forwarding rule, or live with the entries in the log and one more packet on the network ...
oki,
Steffen
-- This letter was generated by machine and therefore bears neither signature nor seal. --
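
On the question of why the reset appears to come from the targeted server: an added example, not part of the original thread, modelling RFC 793 reset generation to show that a reset is only matched to the client's connection when its source is the address the SYN was sent to. This is a simplified model, not netfilter's code; the addresses are constructed documentation values standing in for the client, `$IP_INET_WEB1` and the firewall.

```python
from dataclasses import dataclass, replace

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    flags: int
    payload_len: int = 0

def reset_for(seg):
    """Build the reset answering `seg`, per RFC 793 reset generation."""
    if seg.flags & RST:
        return None  # a reset is never answered with a reset
    if seg.flags & ACK:
        seq, ack, flags = seg.ack, 0, RST
    else:
        # SYN and FIN each occupy one sequence number
        seg_len = seg.payload_len + int(bool(seg.flags & SYN)) + int(bool(seg.flags & FIN))
        seq, ack, flags = 0, (seg.seq + seg_len) % 2**32, RST | ACK
    # Addresses and ports are swapped: the reset's source is the
    # rejected packet's destination, whoever actually emits it.
    return Segment(seg.dst, seg.dport, seg.src, seg.sport, seq, ack, flags)

def client_accepts(sent_syn, reply):
    """SYN-SENT client: reply must match the 4-tuple and acknowledge the SYN."""
    same_conn = (reply.src, reply.sport, reply.dst, reply.dport) == (
        sent_syn.dst, sent_syn.dport, sent_syn.src, sent_syn.sport)
    acks_syn = bool(reply.flags & ACK) and reply.ack == (sent_syn.seq + 1) % 2**32
    return same_conn and bool(reply.flags & RST) and acks_syn

# Constructed sample: client SYN to port 25 on the protected server address.
CLIENT, SERVER, FIREWALL = "198.51.100.7", "192.0.2.10", "192.0.2.1"
syn = Segment(CLIENT, 40000, SERVER, 25, seq=1000, ack=0, flags=SYN)
rst = reset_for(syn)
rst_from_fw = replace(rst, src=FIREWALL)  # same reset, sourced from the firewall

if __name__ == "__main__":
    for label, pkt in (("server-sourced", rst), ("firewall-sourced", rst_from_fw)):
        print(f"{label:17} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"ack={pkt.ack} accepted={client_accepts(syn, pkt)}")
```
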