On 2007-04-20 11:59, James D. Parra wrote:
> Hello,
>
> Getting strange error messages from dmesg;
>
> SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.20.6 DST=192.168.20.129 LEN=40
> TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=143 DPT=2502 WINDOW=0
> RES=0x00 RST URGP=0
> SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.20.6 DST=192.168.20.220 LEN=40
> TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=143 DPT=2812 WINDOW=0
> RES=0x00 RST URGP=0
> SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.20.6 DST=192.168.20.253 LEN=40
> TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=143 DPT=1225 WINDOW=0
> RES=0x00 RST URGP=0
>
> The NIC is a 3Com 1000m.
>
> What do they mean?
>
> Thank you,
>
> James
>   
These are reply packets from IMAP to remote systems, but the firewall is
not aware of any connections initiated by the remote systems to the IMAP
port, 143 (see note). Check to see that you have the connection tracking
module loaded (lsmod |grep conntrack, the module name is ip_conntrack.)
The firewall script should ensure that it is loaded, but make sure anyway.

Note: a NEW connection is always indicated by the presence of the term
SYN in a firewall log entry such as the above examples. It is not
present in your examples, therefore these connections must be related to
an existing connection or the firewall considers them to be in error,
and logs them as such. According to what I see in the firewall script,
they will have been sent anyway, the log entry is just for your
information, so you can check the system for potential errors (and there
is an error somewhere, or you would not be getting these log entries --
what that error might be I do not know, other than to suggest verifying
the conntrack module is loaded).

-- 
Moral indignation is jealousy with a halo. -- HG Wells
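
The flag check described in the reply above, as an added example that is not part of the original post: a Python parser that rejoins mail-wrapped netfilter LOG entries and classifies each TCP entry by its bare flag tokens. The function names, the `EXAMPLE-IN` prefix and the second sample entry are constructed for illustration, and the parser assumes the log prefix is the first token of each entry.

```python
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}
# Entry 1 is from the post, still mail-wrapped; entry 2 is constructed.
SAMPLE = """\
> SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.20.6 DST=192.168.20.129 LEN=40
> TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=143 DPT=2502 WINDOW=0
> RES=0x00 RST URGP=0
EXAMPLE-IN IN=eth0 OUT= SRC=192.168.20.129 DST=192.168.20.6 LEN=60
TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=2502 DPT=143 WINDOW=5840
RES=0x00 SYN URGP=0
"""

def rejoin(text):
    """Undo mail quoting and wrapping; a line containing ' IN=' starts an entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if line and (" IN=" in line or not entries):
            entries.append(line)
        elif line:
            entries[-1] += " " + line
    return entries

def parse_entry(line):
    """Split an entry into log prefix, KEY=VALUE fields and bare TCP flag tokens."""
    tokens = line.split()
    entry = {"prefix": tokens[0], "fields": {}, "flags": set()}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        if sep:
            entry["fields"][key] = value
        elif tok in TCP_FLAGS:  # bare "DF" is an IP flag, so it is skipped
            entry["flags"].add(tok)
    return entry

def classify(entry):
    """Rule from the reply: without SYN, the packet is not opening a connection."""
    if entry["fields"].get("PROTO") != "TCP":
        return "not-tcp"
    flags = entry["flags"]
    if "SYN" in flags and "ACK" not in flags:  # SYN+ACK answers a SYN
        return "new"
    return "reset" if "RST" in flags else "existing-or-stray"

def classify_log(text):
    """Return (prefix, SPT, DPT, verdict) for every entry in a pasted log."""
    out = []
    for e in map(parse_entry, rejoin(text)):
        f = e["fields"]
        out.append((e["prefix"], f.get("SPT"), f.get("DPT"), classify(e)))
    return out
```

`classify_log(SAMPLE)` reports the entry from the post as a reset sent from port 143 and the constructed entry as a new connection to port 143.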
