Differences between version 3 and previous revision of IptablesNotes.
Newer page: | version 3 | Last edited on Tuesday, October 12, 2004 10:22:11 am | by StuartYeates |
Older page: | version 2 | Last edited on Tuesday, October 12, 2004 10:20:51 am | by CriggieCriggie |
@@ -1,23 +1,7 @@
Miscellaneous notes on IPTables.
* iptables v1.2.6a (debian stable) doesn't seem to function correctly with kernel v2.4.24 if you're using the -m owner module. I used a backport from www.backports.org (http://www.backports.org/debian/dists/stable/iptables/) version 1.2.9 which seems to work fine.
-----
-From #WLUG one day...%%%
-<Criggie> Oct 13 10:04:33 lemonsqueezer kernel: Rej. tcp-syn : IN=eth1 OUT=
MAC=00:e0:29:2e:bc:c1:00:90:1a:40:04:11:08:00 SRC=202.3.246.123 DST=202..37.196 LEN=48 TOS=0x00 PREC=0x80 TTL=107 ID=4812 DF PROTO=TCP SPT=3933 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=%%%
-<Criggie> what I don't get is why his mac address is so long%%%
-<Criggie> MAC=00:e0:29:2e:bc:c1:00:90:1a:40:04:11:08:00 <-- strange%%%
-<Isomer> er%%%
-<Isomer> the reason it's so long%%%
-Criggie sits back for a lesson from daddy Isomer%%%
-<Criggie> tell us a story daddy Isomer%%%
-<Isomer> is it'
s the source mac address, destination mac address, layered protocol%%%
-<Isomer> it's a binary dump of
the entire mac
header%%%
-<Isomer> so the first 6 bytes are the source
, the second 6 are the dest,
and the last 2 are the protocol%%%
-<Criggie> wow%%%
-<Isomer> 0800 being IP%%%
-<Isomer> go wiki it :
)%%%
+* the [
MAC]
s listed in
the logs are
the full MAC
header, with
the two [MACAddress]es
and the [Protocol] (which explains their length
).
IsomerMadeMeDoThis
-
-Also compare with [MAC] and [MACAddress]
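Review bot: The added bullet that replaces the #WLUG log says the logged MAC= field holds the two [MACAddress]es and the [Protocol], but it drops the byte layout the removed lines spelled out, so a reader can no longer split a 14-byte value such as MAC=00:e0:29:2e:bc:c1:00:90:1a:40:04:11:08:00 into its parts. Suggest keeping the 6 + 6 + 2 byte breakdown and the "0800 being IP" detail in the bullet, together with one sample log line. When restating the order of the two addresses, check it against the Ethernet header, which places the destination address before the source; the removed log gave the source first.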