FW: [lug] FW: ipchains incongruity

[Atkinson, Chip]

Ok, thanks.  I'll double check the source port number and see if that helps.
This should last me until 11:00 tonight. :-)

> -----Original Message-----
> From: D. Stimits [mailto:stimits at idcomm.com]
> Sent: Thursday, March 22, 2001 12:04 PM
> To: lug at lug.boulder.co.us
> Subject: Re: FW: [lug] FW: ipchains incongruity
> 
> 
> "Atkinson, Chip" wrote:
> > 
> > Sorry. I hit send before finishing.  Here's the right version:
> > 
> > -----Original Message-----
> > From: Atkinson, Chip
> > Sent: Thursday, March 22, 2001 11:50 AM
> > To: 'lug at lug.boulder.co.us'
> > Subject: RE: [lug] FW: ipchains incongruity
> > 
> > Thanks for the reply.  Sorry for leaving out all that 
> information.  The
> > kernel I'm using is a 2.2 kernel.  I run the script, check 
> to see if it
> > works and if it doesn't, which has been the case, run 
> ipchains -F to restore
> > to the working original configuration.  I'm not putting the 
> rules into any
> > place that they could be run automatically.
> > 
> > The weird thing is that I take the deny message from the 
> log and make the
> > test command and it replies accepted.
> > 
> > Thus, I take
> > Mar 22 07:16:30 poodle kernel: Packet log: output DENY ppp0 PROTO=6
> > 199.45.150.249:25 199.45.150.1:13544 L=44 S=0x00 I=54145 
> F=0x4000 T=64 (#6)
> > 
> > and make the command
> > ipchains -C output -i ppp0 -s 199.45.159.249 25 -d 199.45.150.1 smtp
> > and get accepted.
> 
> I see the above ipchains -C and wonder about something. The source is
> explicitly port 25. The destination is also smtp, or port 25. In order
> for this one to accept, both source and destination must be port 25.
> When using email sends, only the destination will be port 25, 
> unless you
> are winning the lottery that day. Try with source allowing any port.
> 
> > 
> > That's why I'm puzzled.
> > 
> > Sorry again for the previous bogus post.
> > 
> > Chip
> >