Saeed42
ISP
- Jul 4, 2001
- 147
We have a server which we use as a TFTP server and everything seems to work fine except with the PIX firewall. After close investigation I realised that the PIX connects to the firewall on the normal TFTP port, then the server connects to the PIX on a random port with source port 12345, and the firewall connects back to the server on port 12345 using the same source port as the initial connection of the server:
Server            Firewall
69       <-----
12345    ----->  1859
12345    <-----  1859
I've allowed port 12345 but that didn't solve the problem, so I looked at the iptables rules a bit deeper and found about six lines that could affect the returning connection; after removing them all is well. But since my iptables knowledge is not up to scratch, I was wondering if the removal of those lines made my security a joke, so this is where I need your help. I would appreciate it if anyone could explain to me what these lines are meant to be doing.
# Inbound on eth0 with a source address in 192.0.2.0/24 or the private 192.168.0.0/16 range
# and a destination in the local 192.168.253.0/24 network: handed to the LD chain
# (LD is not shown in the post; presumably a log-and-drop chain)
-A INPUT -s 192.0.2.0/255.255.255.0 -d 192.168.253.0/255.255.255.0 -i eth0 -j LD
-A INPUT -s 192.168.0.0/255.255.0.0 -d 192.168.253.0/255.255.255.0 -i eth0 -j LD
# Inbound TCP or UDP to destination ports 12345-12346 on the local network:
# handed to LD, but the limit match only fires for the first 2 packets per minute
-A INPUT -d 192.168.253.0/255.255.255.0 -p tcp -m tcp --dport 12345:12346 -m limit --limit 2/min -j LD
-A INPUT -d 192.168.253.0/255.255.255.0 -p udp -m udp --dport 12345:12346 -m limit --limit 2/min -j LD
# Outbound from the local network to destination ports 12345-12346, same rate limit
# (the last target was cut off in the post and is read as LD like the others)
-A OUTPUT -s 192.168.253.0/255.255.255.0 -p tcp -m tcp --dport 12345:12346 -m limit --limit 2/min -j LD
-A OUTPUT -s 192.168.253.0/255.255.255.0 -p udp -m udp --dport 12345:12346 -m limit --limit 2/min -j LD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
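As an added illustration (not part of the original post or the poster's ruleset), the six rules above can be replayed against the three packets of the diagram to see which rule actually catches the PIX's return traffic. The PIX address 10.0.0.1 and the server address 192.168.253.10 are constructed, the truncated last target is read as LD, and the limit match is ignored.

```python
# Added example, not from the original post: a tiny matcher for the six iptables
# rules quoted above, showing which rule catches each packet of the TFTP exchange
# in the post's diagram. Assumed: PIX is 10.0.0.1, server is 192.168.253.10, the
# last target is LD like the others; "-m limit" is ignored (it only throttles hits).
import ipaddress
import shlex

RULES = [
    "-A INPUT -s 192.0.2.0/255.255.255.0 -d 192.168.253.0/255.255.255.0 -i eth0 -j LD",
    "-A INPUT -s 192.168.0.0/255.255.0.0 -d 192.168.253.0/255.255.255.0 -i eth0 -j LD",
    "-A INPUT -d 192.168.253.0/255.255.255.0 -p tcp -m tcp --dport 12345:12346 -m limit --limit 2/min -j LD",
    "-A INPUT -d 192.168.253.0/255.255.255.0 -p udp -m udp --dport 12345:12346 -m limit --limit 2/min -j LD",
    "-A OUTPUT -s 192.168.253.0/255.255.255.0 -p tcp -m tcp --dport 12345:12346 -m limit --limit 2/min -j LD",
    "-A OUTPUT -s 192.168.253.0/255.255.255.0 -p udp -m udp --dport 12345:12346 -m limit --limit 2/min -j LD",
]
SIMPLE = {"-A": "chain", "-i": "iface", "-p": "proto", "-j": "target"}

def parse_rule(line):  # one iptables-save style line -> dict of match criteria
    toks, rule = shlex.split(line), {}
    for opt, val in zip(toks[::2], toks[1::2]):  # every option here takes one value
        if opt in SIMPLE:
            rule[SIMPLE[opt]] = val
        elif opt in ("-s", "-d"):  # ipaddress accepts the dotted-netmask form
            rule[opt] = ipaddress.ip_network(val, strict=False)
        elif opt == "--dport":  # single port or lo:hi range
            lo, _, hi = val.partition(":")
            rule["dport"] = (int(lo), int(hi or lo))
    return rule  # "-m <module>" and "--limit" are skipped on purpose

def matches(rule, pkt):  # every criterion the rule carries must hold for the packet
    return all([
        rule["chain"] == pkt["chain"],
        "-s" not in rule or ipaddress.ip_address(pkt["src"]) in rule["-s"],
        "-d" not in rule or ipaddress.ip_address(pkt["dst"]) in rule["-d"],
        "iface" not in rule or rule["iface"] == pkt["iface"],
        "proto" not in rule or rule["proto"] == pkt["proto"],
        "dport" not in rule or rule["dport"][0] <= pkt["dport"] <= rule["dport"][1],
    ])

def first_match(pkt, rules=RULES):  # (rule number, target) of the first hit, else None
    for n, line in enumerate(rules, 1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return n, rule["target"]
    return None

# The post's diagram: PIX request to :69, server reply from :12345, PIX return to :12345
REQUEST = dict(chain="INPUT", src="10.0.0.1", dst="192.168.253.10", proto="udp", dport=69, iface="eth0")
REPLY = dict(chain="OUTPUT", src="192.168.253.10", dst="10.0.0.1", proto="udp", dport=1859, iface="eth0")
RETURN = dict(chain="INPUT", src="10.0.0.1", dst="192.168.253.10", proto="udp", dport=12345, iface="eth0")
```

Only the PIX's return packet to port 12345 is caught, by the INPUT UDP rule for ports 12345-12346; the two source-range rules on eth0 never touch this exchange, so removing them gained nothing for TFTP and only lost their filtering.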