Jim Ford wrote:
I'm getting puzzling messages that appear to be my firewall rejecting packets originating from my internal network and destined for my ISP. What is more puzzling is that they appear to be from strange source ports on my machine (4398 in the example below) and destined for port 54321 on the ISP machine - but 54321 is the one I use for my Azureus BitTorrent client.
I've got port forwarding for 54321.

Or am I (as is more likely) misinterpreting the log entries?

Here's a log entry illustrating the above:

Apr 7 22:10:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:40:f4:cf:72:ae:00:0f:ea:61:85:24:08:00 SRC=192.168.1.1 DST= LEN=48 TOS=00 PREC=0x00 TTL=128 ID=40797 CE DF PROTO=TCP SPT=4398 DPT=54321 SEQ=3323789312 ACK=0 WINDOW=65535 SYN URGP=0
Jim Ford

I think you are reading the log entry correctly, save for the (obvious, I trust) qualification that I have no way of knowing if destination IP address 80.3.22.192 is "destined for [your] ISP".

[EMAIL PROTECTED]:~$ host 80.3.22.192
192.22.3.80.in-addr.arpa domain name pointer cpc1-watf3-5-0-cust192.watf.cable.ntl.com.

Since the log entry does not list an OUT= interface, I find myself wondering if this address is actually your router's external address. If it is, Shorewall probably has a rule blocking traffic to the router's external address from the internal interface. (I'm not certain of that, but it is a common sort of rule to have.) If it is not, confirm that you have a route to it.

As to the underlying cause, it is probably a client misconfiguration of some sort. That the source ports appear to you as "strange source ports" implies that the traffic is from a client ... something that gets an arbitrary port assigned on the fly ... rather than a server, which would use a stable, known port number. The exact nature of the misconfiguration depends, I suppose, on what destination address 80.3.22.192 actually is and on what client application is trying to send to this destination.
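As an added example (not code from the thread or from the Shorewall project), here is a small Python parser for netfilter log lines of the kind quoted above. It encodes the reading used in the reply: an entry with IN= but no OUT= was logged on the way into the firewall box itself, and a high, arbitrary source port with a bare SYN marks SRC as the client opening a connection. The sample lines are constructed; the first reproduces the posted entry, the second is invented for contrast.

```python
import re
from typing import Dict, List

# Constructed sample input: the first line reproduces the REJECT entry from the
# post (its DST value was blank there too), the second is an invented
# forwarded-and-accepted packet for contrast.
SAMPLE_LOGS = [
    "Apr 7 22:10:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= "
    "MAC=00:40:f4:cf:72:ae:00:0f:ea:61:85:24:08:00 SRC=192.168.1.1 DST= "
    "LEN=48 TOS=00 PREC=0x00 TTL=128 ID=40797 CE DF PROTO=TCP SPT=4398 "
    "DPT=54321 SEQ=3323789312 ACK=0 WINDOW=65535 SYN URGP=0",
    "Apr 7 22:11:02 firewall Shorewall:loc2net:ACCEPT: IN=eth1 OUT=eth0 "
    "SRC=192.168.1.1 DST=198.51.100.7 PROTO=TCP SPT=4399 DPT=80 SYN",
]

ACTION_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):\s*")
KV_RE = re.compile(r"(\w+)=(\S*)")
# Interface pair -> netfilter hook: IN only is usually INPUT (addressed to the
# firewall box itself), OUT only is OUTPUT (generated by it), both is FORWARD.
HOOK = {(True, False): "to-firewall", (False, True): "from-firewall",
        (True, True): "forwarded"}

def parse_line(line: str) -> Dict[str, object]:
    """Split a Shorewall/netfilter log line into its KEY=VALUE fields plus the
    bare tokens (DF, SYN, ACK, ...) that netfilter logs without an '='."""
    m = ACTION_RE.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    body = line[m.end():]
    fields = dict(KV_RE.findall(body))
    flags = {tok for tok in body.split() if "=" not in tok}
    return {"chain": m.group("chain"), "action": m.group("action"),
            "fields": fields, "flags": flags}

def interpret(entry: Dict[str, object]) -> Dict[str, object]:
    """Derive direction and host roles from a parsed entry."""
    f, flags = entry["fields"], entry["flags"]
    where = HOOK.get((bool(f.get("IN")), bool(f.get("OUT"))), "unknown")
    sport, dport = int(f.get("SPT", 0)), int(f.get("DPT", 0))
    # SYN without ACK is the first packet of a connection: SRC is the client
    # (its SPT is an arbitrary ephemeral port), DPT is the service it wants.
    new_conn = "SYN" in flags and "ACK" not in flags
    return {"action": entry["action"], "where": where, "src": f.get("SRC"),
            "dst": f.get("DST") or None, "sport": sport, "dport": dport,
            "new_connection": new_conn, "src_is_client": new_conn and sport >= 1024}

def summarize(lines: List[str]) -> List[Dict[str, object]]:
    return [interpret(parse_line(l)) for l in lines]
```

Running `summarize(SAMPLE_LOGS)` on the posted entry reports `where == "to-firewall"` with a missing DST, which is the detail that prompted the question about the router's external address.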
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/