IPFW2 strange issues on BSD-5.2.1 (RESENT)
This is a resent message, as no one has bothered to reply (yet).

RESENT MESSAGE TEXT FOLLOWS ___

I'm using FreeBSD 5.2.1 with IPFW2 as a firewall/router on a network. The firewall itself does not need to be terribly sophisticated -- on the other hand, it is having some problems. I'm seeing some very strange things in the dynamic ruleset. The last 4 entries in the list are the issues. You can see that none of the information in the last 4 dynamic rules makes any sense -- not the #/packets or bytes, the rule #, or even the protocol. The IP addresses referred to are not local to any part of the network, and some aren't even listed in the appropriate WHOIS database. I'm totally lost on this. Any help would be appreciated, including suggestions as to how to generate better log information. Nothing shows in my logs, either. Interestingly, these last (weird) rules appear & disappear at random intervals, with different information each time -- different rule numbers (but non-existent in my ruleset), different IPs, and different protocols.
host-64-179-35-23# ipfw -de show
00050 35654 14976392 divert 8668 ip from any to any via xl0
00100 29882071714 allow ip from 127.0.0.0/8 to 127.0.0.0/8
00200 0 0 deny ip from 127.0.0.0/8 to any
00300 0 0 deny ip from any to 127.0.0.0/8
00310 0 0 allow ip from 224.0.0.1 to any
00311110 3960 allow ip from any to 224.0.0.1
00350 0 0 deny log argus from any to any
00351 0 0 deny log scps from any to any
00352 0 0 deny log igmp from any to any
00354 0 0 deny log netblt from any to any
00355 0 0 deny ip from 0.0.0.0 to any
00356 0 0 deny ip from any to 0.0.0.0
00357 0 0 deny ipv6-nonxt from any to any
00359 0 0 deny log trunk-2 from any to any
00360 99 6224 deny log icmp from any to any
00400891 111330 allow ip from 205.201.9.0/24 to me setup keep-state
00410 0 0 allow ip from 151.201.141.231 to me setup keep-state
00420 0 0 deny ip from any to me dst-port 22
00450 1272 539440 allow ip from any to me dst-port 25 setup keep-state
00451151 12032 allow ip from me to any dst-port 21 setup keep-state
00452 0 0 allow ip from me to any dst-port 20 setup keep-state
00453 115131798157 allow ip from me to any dst-port 80 setup keep-state
00454 11 1457 allow ip from me to any dst-port 443 setup keep-state
00455 0 0 allow ip from any 20 to me setup keep-state
00457 0 0 allow ip from me to any dst-port 22 setup keep-state
00458 0 0 allow ip from any 25 to me setup keep-state
00459 0 0 allow ip from any to me dst-port 80 setup keep-state
00498 2373 267409 allow ip from any to me
00499 62671635428 allow ip from me to any
00520 0 0 allow ip from 224.0.0.1 to any
00530 0 0 allow ip from any to 224.0.0.1
00800 11739 allow udp from any to 207.69.188.200 dst-port 53
00810 22 10768 allow udp from 207.69.188.200 53 to any
00820250 15731 allow udp from any to 64.65.223.6 dst-port 53
00830498 141930 allow udp from 64.65.223.6 53 to any
00840 94 6784 allow udp from any to any dst-port 53
00841122 36608 allow udp from any 53 to any
00850 0 0 allow ip from 255.255.255.255 to any
00860232 70064 allow ip from any to 255.255.255.255
00998 82 18216 allow ip from 192.168.1.0/24 to 192.168.1.0/24 not via xl0
00999 0 0 check-state
01000 0 0 allow ip from any to 192.168.1.5 dst-port 25 setup keep-state
01010 1115 517038 allow ip from any to 192.168.1.5 dst-port 80 setup keep-state
01020 0 0 allow ip from any to 192.168.1.5 dst-port 2500 setup keep-state
01100332 49019 allow ip from 192.168.1.5 to any dst-port 25 setup keep-state
01110 1177 978983 allow ip from 192.168.1.5 to any dst-port 80 setup keep-state
01115 0 0 allow ip from 192.168.1.5 to any dst-port 443 setup keep-state
01120 0 0 allow ip from 192.168.1.5 to any dst-port 21 setup keep-state
01125 0 0 allow ip from 192.168.1.5 to any dst-port 20 setup keep-state
01130 0 0 allow ip from 192.168.1.5 20 to any setup keep-state
01998 83 3704 deny log ip from 192.168.1.5 to any
01999 36 1440 deny log ip from any to 192.168.1.5
02010 0 0 allow ip from 192.168.1.0/24 to any dst-port 20 setup keep-state
02020 40906 23355938 allow ip from 192.168.1.0/24 to any dst-port 80 setup keep-state
02030 39 20505 allow ip from 19
IPFW2 strange issues on BSD-5.2.1
I'm using FreeBSD 5.2.1 with IPFW2 as a firewall/router on a network. I'm seeing some very strange things in the dynamic ruleset. The last 4 entries in the list are the issues. You can see that none of the information in the last 4 dynamic rules makes any sense -- not the #/packets or bytes, the rule #, or even the protocol. The IP addresses referred to are not local to any part of the network, and some aren't even listed in the appropriate WHOIS database. I'm totally lost on this. Any help would be appreciated, including suggestions as to how to generate better log information. Nothing shows in my logs, either. Interestingly, these last (weird) rules appear & disappear at random intervals, with different information each time -- different rule numbers (but non-existent in my ruleset), different IPs, and different protocols.

host-64-179-35-23# ipfw -de show
00050 35654 14976392 divert 8668 ip from any to any via xl0
00100 29882071714 allow ip from 127.0.0.0/8 to 127.0.0.0/8
00200 0 0 deny ip from 127.0.0.0/8 to any
00300 0 0 deny ip from any to 127.0.0.0/8
00310 0 0 allow ip from 224.0.0.1 to any
00311110 3960 allow ip from any to 224.0.0.1
00350 0 0 deny log argus from any to any
00351 0 0 deny log scps from any to any
00352 0 0 deny log igmp from any to any
00354 0 0 deny log netblt from any to any
00355 0 0 deny ip from 0.0.0.0 to any
00356 0 0 deny ip from any to 0.0.0.0
00357 0 0 deny ipv6-nonxt from any to any
00359 0 0 deny log trunk-2 from any to any
00360 99 6224 deny log icmp from any to any
00400891 111330 allow ip from 205.201.9.0/24 to me setup keep-state
00410 0 0 allow ip from 151.201.141.231 to me setup keep-state
00420 0 0 deny ip from any to me dst-port 22
00450 1272 539440 allow ip from any to me dst-port 25 setup keep-state
00451151 12032 allow ip from me to any dst-port 21 setup keep-state
00452 0 0 allow ip from me to any dst-port 20 setup keep-state
00453 115131798157 allow ip from me to any dst-port 80 setup keep-state
00454 11 1457 allow ip from me to any dst-port 443 setup keep-state
00455 0 0 allow ip from any 20 to me setup keep-state
00457 0 0 allow ip from me to any dst-port 22 setup keep-state
00458 0 0 allow ip from any 25 to me setup keep-state
00459 0 0 allow ip from any to me dst-port 80 setup keep-state
00498 2373 267409 allow ip from any to me
00499 62671635428 allow ip from me to any
00520 0 0 allow ip from 224.0.0.1 to any
00530 0 0 allow ip from any to 224.0.0.1
00800 11739 allow udp from any to 207.69.188.200 dst-port 53
00810 22 10768 allow udp from 207.69.188.200 53 to any
00820250 15731 allow udp from any to 64.65.223.6 dst-port 53
00830498 141930 allow udp from 64.65.223.6 53 to any
00840 94 6784 allow udp from any to any dst-port 53
00841122 36608 allow udp from any 53 to any
00850 0 0 allow ip from 255.255.255.255 to any
00860232 70064 allow ip from any to 255.255.255.255
00998 82 18216 allow ip from 192.168.1.0/24 to 192.168.1.0/24 not via xl0
00999 0 0 check-state
01000 0 0 allow ip from any to 192.168.1.5 dst-port 25 setup keep-state
01010 1115 517038 allow ip from any to 192.168.1.5 dst-port 80 setup keep-state
01020 0 0 allow ip from any to 192.168.1.5 dst-port 2500 setup keep-state
01100332 49019 allow ip from 192.168.1.5 to any dst-port 25 setup keep-state
01110 1177 978983 allow ip from 192.168.1.5 to any dst-port 80 setup keep-state
01115 0 0 allow ip from 192.168.1.5 to any dst-port 443 setup keep-state
01120 0 0 allow ip from 192.168.1.5 to any dst-port 21 setup keep-state
01125 0 0 allow ip from 192.168.1.5 to any dst-port 20 setup keep-state
01130 0 0 allow ip from 192.168.1.5 20 to any setup keep-state
01998 83 3704 deny log ip from 192.168.1.5 to any
01999 36 1440 deny log ip from any to 192.168.1.5
02010 0 0 allow ip from 192.168.1.0/24 to any dst-port 20 setup keep-state
02020 40906 23355938 allow ip from 192.168.1.0/24 to any dst-port 80 setup keep-state
02030 39 20505 allow ip from 192.168.1.0/24 to any dst-port 443 setup keep-state
02040 0 0 allow ip from 192.168.1.0/24 to any dst-port 21 setup keep-state
02050 0 0 allow ip from 192.168.1.0/24 20 to any setup keep-state
65000
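
The symptom reported in both messages above (dynamic entries carrying rule numbers that do not exist in the static ruleset) can be checked for mechanically. The following is an added example, not part of the original posts: the function names, the sample listing and its addresses are constructed, and the layout of the dynamic section (a "## Dynamic rules" header followed by "RULE PKTS BYTES (TTLs) STATE proto src sport <-> dst dport" lines) is an assumption about the output of `ipfw -d show`.

```shell
#!/bin/sh
# Added example: flag dynamic ipfw entries whose parent rule number is
# absent from the static ruleset. Input is `ipfw -d show` style text on stdin.
# Assumed layout: static rules first, then a "## Dynamic rules" header,
# then one dynamic entry per line, each starting with its parent rule number.
orphan_dynamic_rules() {
    awk '
        # Everything after this header is treated as a dynamic entry.
        /^## Dynamic rules/ { dyn = 1; next }

        # Static section: remember every rule number (leading zeros dropped).
        !dyn && $1 ~ /^[0-9]+$/ { known[$1 + 0] = 1; next }

        # Dynamic section: print entries that point at an unknown rule.
        dyn && $1 ~ /^[0-9]+$/ {
            if (!(($1 + 0) in known)) print
        }
    '
}

# Constructed sample listing (documentation addresses, invented counters).
# The last dynamic entry imitates the reported symptom: a parent rule
# number and protocol that match nothing in the static rules.
sample_listing() {
    cat <<'EOF'
00999 0 0 check-state
01010 1115 517038 allow ip from any to 192.168.1.5 dst-port 80 setup keep-state
02020 40906 23355938 allow ip from 192.168.1.0/24 to any dst-port 80 setup keep-state
65535 0 0 deny ip from any to any
## Dynamic rules (3):
01010 12 4096 (290s) STATE tcp 198.51.100.7 40112 <-> 192.168.1.5 80
02020 40 9000 (5s) STATE tcp 192.168.1.20 51000 <-> 203.0.113.9 80
47312 998877 1234567890 (0s) STATE argus 203.0.113.77 0 <-> 198.51.100.200 0
EOF
}

# Demonstration on the constructed sample: prints only the 47312 entry.
sample_listing | orphan_dynamic_rules
```

On the firewall itself, running `ipfw -de show | orphan_dynamic_rules | logger -t ipfw-dyn` from cron would leave a timestamped syslog record each time such an entry appears, which gives the kind of log trail the poster asks about.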