Hello,
I'm having some trouble with a mailserver outside when I send mail through my firewall. The mailserver wants to connect to port 113 on my box, which is closed, so the connection times out and sending mail seems to last endlessly. That's why I've added these 2 rules to my firewall script:
$IPTABLES -A INPUT -i $EXT -p TCP -s $ms --dport 113 -j REJECT
$IPTABLES -A FORWARD -i $EXT -p TCP -s $ms --dport 113 -j REJECT
where $EXT is my external device and $ms is the mailserver.
But still I get entries like these in my logs:
Nov 26 20:26:52 internet kernel: DROP-TCP IN=ppp0 OUT= MAC= SRC=<Mailserver-IP> DST=<my external IP> LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=38856 PROTO=TCP SPT=3672 DPT=113 WINDOW=16384 RES=0x00 SYN URGP=0
which means that the last rule (reject everything) catches those requests.
You could try more general rules like
iptables -I INPUT 1 -p TCP --dport 113 -j REJECT
iptables -I INPUT 1 -p TCP --dport 113 -j LOG --log-prefix " Input identd"
iptables -I FORWARD 1 -p TCP --dport 113 -j REJECT
iptables -I FORWARD 1 -p TCP --dport 113 -j LOG --log-prefix " Forward identd"
In this case the first 2 rules should be:
1. Logging
2. Rejecting anything that goes to port 113
Then you could narrow your selection.
Andreas
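As an added illustration (not part of either post above): a small Python script that parses netfilter LOG lines in the format quoted in the thread and reports which ident (port 113) probes still hit the catch-all "DROP-TCP" prefix rather than the dedicated "Input identd" prefix from the suggested rules. A probe that is silently dropped leaves the sending mailserver waiting for a timeout; one that reaches a REJECT rule fails immediately and mail delivery proceeds. The sample log lines, hostnames and addresses below are constructed; only the prefix strings come from the thread.

```python
import re

# Constructed sample lines in the netfilter LOG target format quoted in the
# thread. Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Nov 26 20:26:52 internet kernel: DROP-TCP IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=38856 PROTO=TCP SPT=3672 DPT=113 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 26 20:27:01 internet kernel: DROP-TCP IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1234 PROTO=TCP SPT=40000 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 26 20:27:15 internet kernel:  Input identd IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=38900 PROTO=TCP SPT=3680 DPT=113 WINDOW=16384 RES=0x00 SYN URGP=0
"""

# KEY=VALUE tokens; VALUE may be empty (e.g. "OUT=" or "MAC=").
KV_RE = re.compile(r"(\w+)=(\S*)")
# Everything between "kernel:" and the first "IN=" is the --log-prefix text.
PREFIX_RE = re.compile(r"kernel:\s*(?P<prefix>.*?)\s*IN=")


def parse_netfilter_line(line):
    """Parse one netfilter LOG line into a dict of its KEY=VALUE fields plus
    'prefix' (the --log-prefix text) and 'flags' (bare tokens such as SYN).
    Returns None for lines that are not netfilter log entries."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rest = line[m.end() - len("IN="):]          # start at "IN=..."
    fields = dict(KV_RE.findall(rest))
    fields["prefix"] = m.group("prefix").strip()
    fields["flags"] = [tok for tok in rest.split() if "=" not in tok]
    return fields


def identd_syns(log_text):
    """All parsed lines that are TCP SYNs to port 113 (ident/auth)."""
    out = []
    for line in log_text.splitlines():
        f = parse_netfilter_line(line)
        if (f and f.get("PROTO") == "TCP" and f.get("DPT") == "113"
                and "SYN" in f["flags"]):
            out.append(f)
    return out


def still_dropped_identd(log_text, catchall_prefix="DROP-TCP"):
    """Source addresses whose ident probe was logged by the catch-all DROP rule
    instead of a dedicated identd rule: these peers will wait for a timeout
    before delivering mail."""
    return sorted({f["SRC"] for f in identd_syns(log_text)
                   if f["prefix"] == catchall_prefix})


def identd_by_prefix(log_text):
    """Count ident probes per log prefix; after the suggested -I ... 1 rules
    are in place, new probes should appear only under the identd prefixes."""
    counts = {}
    for f in identd_syns(log_text):
        counts[f["prefix"]] = counts.get(f["prefix"], 0) + 1
    return counts


if __name__ == "__main__":
    print("ident probes still hitting the catch-all DROP:",
          still_dropped_identd(SAMPLE_LOG))
    print("ident probes per prefix:", identd_by_prefix(SAMPLE_LOG))
```

Run it against the real kernel log with `python3 script.py < /var/log/messages` adapted to read stdin, or import the functions; if `still_dropped_identd` keeps returning addresses after the new rules are loaded, the REJECT rules are not being reached before the catch-all, which is exactly the ordering problem the reply addresses with `-I INPUT 1`.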