Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[suse-security] Traffic from GSM mobile invisible???
From: Stefan Gofferje (suse-securitygofferje.homelinux.org)
Date: Wed Mar 24 2004 - 08:51:45 CST
I have a encountered a very interesting problem and am curious if
anybody here has a hint on that.
I have a linux firewall / router with iptables.
Let's call it defiant with ext ppp0/dynamic and int eht0 192.168.1.254
I have a linux mailserver
Let's call it k-tanco with ip 192.168.1.200
I have iptables rules forwarding traffic on port 25 and 143 from defiant
ppp0 to k-tanco.
So far so good - everything works as supposed. When I telnet defiant
from outside to port 25, I see the traffic (tcpdump) both on defiant
ppp0 and k-tanco eth0.
Now, I have a Nokia Series 60 phone with integrated email client. I set
this email client to use the dyndns hostname of defiant via GPRS.
I can check mails and send mails via my home server. That was the first
strange point. A sending agent must be either use ASMTP, be on
192.168.1.0/24 or deliver mail for the local domains. So, the mailserver
should have rejected the mail. While investigating, I found out the
Incoming connections from the phone do NOT appear on defiant ppp0
(tcpdump). They appear on k-tanco eth0 with source ip 192.168.1.254 -
the ip of defiant eth0. /var/log/mail claims, connect from
defiant.net.local[192.168.10.254] and the header in the final mail says
received from [169.254.0.7] (defiant.net.local[192.168.10.254]).
Does anybody has an idea, what's going on here?
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here