firewallspotting
daniel
danstemporaryaccount-FFYn/CNdgSA at public.gmane.org
Thu Dec 30 00:08:05 UTC 2004
On December 29, 2004 06:41 pm, Ilya Palagin wrote:
> Something is trying to connect to port 6881 on your server. The server
> is replying with ICMP Type 3,
> which stands for "Destination unreachable" message. Your iptables stack
> doesn't have a rule which allows those kinds of packets to go out.
>
> To simulate this situation, just try to connect to the same port from an
> outside IP address like this:
> telnet <your IP> 6881
>
> or with a more advanced tool like NetCat.

ahh thank you! now i understand. i was running azureus (a bittorrent client)
on the mac and had left the nat port forwarding on, even though the box was
off.

so now i have a question regarding policy. should i be allowing outgoing icmp
packets or just keep things the way they are -- being dropped. is what i'm
currently doing considered bad form? at present i only allow established or
related traffic through along with outgoing connections to basic ports (80,22
etc) and a few incoming packets for services.
--
laws are like spider webs. if some poor weak creature comes up against them,
it is caught. but the bigger one can break through and get away.
- solon, greek philosopher, c. 630-555 B.C.
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
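
The situation described in the quoted reply appears in a netfilter LOG line as an outbound ICMP TYPE=3 entry, with the packet that triggered it shown in square brackets. The following is an added example, not part of the original post: it parses such lines and reports which probed port caused each dropped reply. The log lines, the DROP-OUT prefix, the host name and the addresses are constructed for illustration.

```python
import re
from collections import Counter

# ICMP type 3 (destination unreachable) codes most often seen in firewall logs.
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 13: "administratively prohibited"}

# Outbound packet (non-empty OUT=), ICMP type 3, original packet quoted in [...].
LINE = re.compile(r"OUT=\S+ (?P<outer>[^\[]*?PROTO=ICMP TYPE=3 CODE=(?P<code>\d+))"
                  r" \[(?P<inner>[^\]]*)\]")

# Constructed sample in netfilter LOG format (documentation address ranges).
SAMPLE_LOG = """\
Dec 29 18:20:01 gw kernel: DROP-OUT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=4711 PROTO=ICMP TYPE=3 CODE=1 [SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9 DF PROTO=TCP SPT=40112 DPT=6881 WINDOW=5840 RES=0x00 SYN URGP=0 ]
Dec 29 18:20:05 gw kernel: DROP-OUT IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=1025 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 29 18:21:40 gw kernel: DROP-OUT IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.44 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=4713 PROTO=ICMP TYPE=3 CODE=1 [SRC=203.0.113.44 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=77 DF PROTO=TCP SPT=51500 DPT=6881 WINDOW=5840 RES=0x00 SYN URGP=0 ]
"""

def fields(text):
    """Turn 'KEY=value KEY=value' into a dict; bare flags (DF, SYN) are skipped."""
    return dict(re.findall(r"(\w+)=(\S*)", text))

def dropped_unreachables(log_text):
    """Return one record per logged outbound ICMP type 3 packet."""
    events = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an outbound destination-unreachable entry
        outer, inner = fields(m.group("outer")), fields(m.group("inner"))
        code = int(m.group("code"))
        events.append({
            "reply_to": outer["DST"],                  # host that sent the probe
            "reason": CODES.get(code, f"code {code}"),
            "proto": inner.get("PROTO"),               # protocol of the probe
            "dport": int(inner["DPT"]) if "DPT" in inner else None,
        })
    return events

def probed_ports(events):
    """Count the (protocol, destination port) pairs that triggered the replies."""
    return Counter((e["proto"], e["dport"]) for e in events)

if __name__ == "__main__":
    for (proto, port), n in probed_ports(dropped_unreachables(SAMPLE_LOG)).items():
        print(f"{n} dropped ICMP unreachable replies caused by {proto}/{port}")
```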