We use Debian (sid, 2.4.18 custom, libc6 2.2.5) box with iptables (1.2.6a) and Obsid's rc.firewall.iptables.dual (1.2b2) http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current as a firewall between private net and Internet.
Every day we get a lot of DENIED PORT messages: [...] Apr 9 17:05:57 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0 SRC=<private IP> DST=<Internet IP> LEN=48 TOS=0x08 PREC=0x00 TTL=125 ID=40301 DF PROTO=TCP SPT=2702 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 [...] Apr 9 17:26:53 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0 SRC=<private IP> DST=<Internet IP> LEN=48 TOS=0x08 PREC=0x00 TTL=125 ID=10893 DF PROTO=TCP SPT=1339 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 [..] Apr 9 17:35:10 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0 SRC=<private IP> DST=<Internet IP> LEN=48 TOS=0x08 PREC=0x00 TTL=127 ID=25376 DF PROTO=TCP SPT=2049 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 [...] These ports is denied by script, but I do not understand what does it mean. If some private net user browser try to connect to some Internet www server (DPT=80) it has to use one of the dynamic and/or private ports (49152 through 65535) as a source port, hasn't it? As http://www.iana.org/assignments/port-numbers reads port 1339 used by kjtsiteserver, 2049 by Network File System - Sun Microsystems, and 2702 by SMS XFER. But our private net does not use Network File System - Sun Microsystems (we use SAMBA instead). I do not manage to find any usefull information what kjtsiteserver and SMS XFER is, but so far as I can understand no our private net boxes use such software too. Can anybody, please, explain me, point to source of information give a hint (any information would be gratefully appreciated) how to understand these messages. Thank you, Mikhail. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
