Hello All:
So, I have a rule in my forward chain that I can’t figure out.
6 chain=forward dst-address=172.31.5.252 protocol=tcp action=jump jump-target=chat
19:00:32 firewall,info before chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:57208->172.31.5.252:443, len 60
19:00:32 firewall,info ssh chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:57208->172.31.5.252:443, len 60
19:00:32 firewall,info ssl chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:57208->172.31.5.252:443, len 60
19:00:32 firewall,info chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:57208->172.31.5.252:443, len 60
This is what prints this log out:
0 chain=chat protocol=tcp action=log log-prefix="before"
1 chain=chat dst-address=172.31.5.252 dst-port=22 action=log log-prefix="ssh"
2 chain=chat dst-address=172.31.5.252 dst-port=443 connection-state=new action=log log-prefix="ssl"
3 chain=chat action=log log-prefix=""
4 chain=chat action=reject reject-with=icmp-host-unreachable
Now, maybe I am REALLY out of it, but how can both dst-ports (22,443) be matching?
Any help is much appreciated.
So just for the grin of it, I tried one other thing. This time both match on the port, even though it is port 23!
19:09:30 firewall,info before chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:51480->172.31.5.252:23, len 60
19:09:30 firewall,info ssh chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:51480->172.31.5.252:23, len 60
19:09:30 firewall,info ssl chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:51480->172.31.5.252:23, len 60
19:09:30 firewall,info chat: in:ether1 out:ether2, src-mac a:b:c:d:e:f, proto TCP (SYN), w.x.y.z:51480->172.31.5.252:23, len 60