Hi SlavaU!
On Wed, 21 Mar 2001, SlavaU wrote:
1.
Packet log: output DENY ippp0 PROTO=1 [My ISDN Dynamic IP]:3 [ISP_DNS_IP]:3
L=56 S=0x00 I=11521 F=0x0000 T=127 (#3)
Port 3 means "compressnet". Could/should I allow this compressnet (and
You should notice the "PROTO=1", which means ICMP (for Internet
Control Message Protocol). Look at /etc/protocols for some other
protocols.
As there's no TCP or UDP packet, there's nothing like a a port. ICMP
is defined in RFC792.
In case of ICMP packets, a log entry contains
... <source address>:<ICMP message type> :<code> ...
So, <source address>:3 means "message type 3". RFC792 reads:
| Summary of Message Types
|
| 0 Echo Reply
| 3 Destination Unreachable
| 4 Source Quench
| 5 Redirect
| 8 Echo
| 11 Time Exceeded
| 12 Parameter Problem
| 13 Timestamp
| 14 Timestamp Reply
| 15 Information Request
| 16 Information Reply
and
| Destination Unreachable Message
| [...]
| Code
| 0 = net unreachable;
| 1 = host unreachable;
| 2 = protocol unreachable;
| 3 = port unreachable;
| 4 = fragmentation needed and DF set;
| 5 = source route failed.
Your host told some remote host, that a port the remote host wants to
connect to is not reachable.
And a qoute from the ipchains-HOWTO: "DO NOT DO NOT DO NOT block all
ICMP type 3 messages!"
As you can see from the list above, the other log entry results from a
simple ping command.
BTW, all this is explained in the ipchains-Howto.
You should read and understand it. How do you want to setup or
maintain a useful packet-filter if you don't know what you are doing?
Bye,
Carsten
--
Carsten Frewert
email: carsten@frewert.de