On Monday 08 July 2002 9:43 pm, Patrick Petermair wrote:

> Hi!
>
> I have found the following log entry in my firewall log (I'm running RedHat
> 7.3 with iptables for firewalling and masquerading):
>
> Jul 8 22:25:11 wormhole kernel: IN=ppp0 OUT= MAC= SRC=207.171.169.16
> DST=213.225.41.145 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=21031 DF PROTO=TCP
> SPT=80 DPT=42111 WINDOW=8760 RES=0x00 ACK RST URGP=0
>
> The thing is that this is an answer from a website (SPT=80) I surfed on
> (www.amazon.de) - but my forward chain should detect it as an existing
> connection and let it through:

This is an ACK RST packet, so it's quite likely that the connection tracking has already deleted the connection from the conntrack table (when it got the previous RST packet), therefore when this packet turns up, it no longer belongs to an ESTABLISHED connection.

Don't worry about it.

Antony.
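
Added example (not part of the original message): a small Python triage of netfilter LOG lines that separates the kind of entry discussed above, a reset from a server port to a high client port for a connection conntrack has probably already dropped, from new inbound connection attempts. The label names, the port-1024 heuristic and the second log line are assumptions made for illustration.

```python
# Sample input: line 1 is the entry quoted in the message above;
# line 2 is constructed for contrast (documentation address 192.0.2.7).
SAMPLE_LOG = [
    "Jul 8 22:25:11 wormhole kernel: IN=ppp0 OUT= MAC= SRC=207.171.169.16 "
    "DST=213.225.41.145 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=21031 DF PROTO=TCP "
    "SPT=80 DPT=42111 WINDOW=8760 RES=0x00 ACK RST URGP=0",
    "Jul 8 22:31:02 wormhole kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.7 "
    "DST=213.225.41.145 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP "
    "SPT=51544 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_entry(line):
    """Split one netfilter LOG line into KEY=value fields and the set of TCP flags."""
    _, _, body = line.partition("kernel: ")
    fields, flags = {}, set()
    for token in body.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # empty values are kept, e.g. OUT=""
        elif token in TCP_FLAGS:
            flags.add(token)             # other bare words such as DF are ignored
    return fields, flags


def classify(line):
    """Label a logged packet (hypothetical labels, heuristic port threshold)."""
    fields, flags = parse_entry(line)
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    if "RST" in flags:
        # Reset from a server port to a high client port: teardown traffic for a
        # connection that conntrack has probably already removed from its table.
        if int(fields["SPT"]) < 1024 <= int(fields["DPT"]):
            return "probable-late-reset"
        return "reset"
    if flags == {"SYN"}:
        return "new-connection-attempt"
    return "other-untracked"


def summarize(lines):
    """Return (source address, label) for every log line."""
    return [(parse_entry(l)[0]["SRC"], classify(l)) for l in lines]


if __name__ == "__main__":
    for src, label in summarize(SAMPLE_LOG):
        print(f"{src:15} {label}")
```

Entries labelled `probable-late-reset` are the ones the reply says not to worry about; the other labels are the ones worth reading when reviewing a firewall log.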
