On 4/1/2015 8:01 AM, Marko Weber | 8000 wrote:
> 
> Hi Tom,
> 
> On 2015-03-31 23:57, Tom Eastep wrote:
>> On 3/31/2015 1:04 PM, Marko Weber | 8000 wrote:
>>>
>>> hello list,
>>>
>>> kernel: Shorewall:_net-fw::IN=eth0 OUT=
>>> MAC=d4:3d:7e:ec:e1:07:00:26:88:75:df:19:08:00 SRC=87.142.17.90
>>> DST=46.4.xx.xxx LEN=80 TOS=0x00 PREC=0x00 TTL=55 ID=38334 PROTO=ICMP
>>> TYPE=3 CODE=1 [SRC=46.4.xx.xxx DST=87.142.17.90 LEN=52 TOS=0x00
>>> PREC=0x00 TTL=53 ID=4374 DF PROTO=TCP SPT=80 DPT=56578 WINDOW=521
>>> RES=0x00 ACK FIN URGP=0 ]
>>>
>>>
>>> I find these entries in my logs.
>>> What does this mean? I don't understand at all. A client connects via
>>> http on port 80, then webserver is checking if client is reachable on
>>> his outgoing port of his request?
>>>
>>> Can someone help me to read this correctly or interpret this correctly?
>>
>> 46.4.xx.xxx is in the process of closing an HTTP connection from
>> 87.142.17.90 and sent a FIN/ACK packet. Some host between the two
>> endpoints is returning a 'host-unreachable' ICMP in response to that
>> packet. I would have to see the output of 'shorewall show net-fw' to
>> understand why these are being logged.
>>
>> -Tom
> 
> here is the output:
> 
> # shorewall show net-fw
> Shorewall 4.6.6.1 Chain net-fw at nuggetforum.com - Wed Apr  1 17:00:28 CEST 2015
> 
> Counters reset Wed Apr  1 17:00:26 CEST 2015
> 
> Chain net-fw (1 references)
>   pkts bytes target     prot opt in     out     source               destination
>      7   550 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
>      7   550 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
>    229 39675 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
>    224 39355 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
>      0     0 _net-fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
>      0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
>      0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
>      0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* SSH */
>      5   320 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 /* HTTP */
>      0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 /* HTTPS */
>      2   230 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>      0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net-fw:DROP:"
>      0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 

You must have edited the log output in your previous email. The log
prefix there was "Shorewall:_net-fw::". The Drop action does not drop
3:1 ICMPs silently, so they are being logged.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
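
An added example, not part of the original thread: a small Python parser for the netfilter LOG entry quoted above, separating the outer ICMP packet from the bracketed header of the packet that triggered it. The function names and the code table are this example's own; the sample line is the one posted in the thread.

```python
import re

# ICMP type 3 (destination unreachable) codes, per RFC 792 and RFC 1812.
UNREACH_CODES = {0: "net-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed", 13: "admin-prohibited"}
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse_fields(text):
    """Split KEY=VALUE tokens into a dict; bare tokens (DF, ACK, FIN) go in 'flags'."""
    fields, flags = {}, []
    for tok in text.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.append(tok)
    fields["flags"] = flags
    return fields

def parse_netfilter_log(line):
    """Return (log prefix, outer packet, embedded packet or None)."""
    m = re.search(r"(Shorewall:\S*?)\s*IN=", line)
    prefix = m.group(1) if m else None
    body = line[line.index("IN="):]
    inner = None
    b = re.search(r"\[(.*?)\]", body)
    if b:  # ICMP errors quote the header of the packet that caused them
        inner = parse_fields(b.group(1))
        body = body[:b.start()] + body[b.end():]
    return prefix, parse_fields(body), inner

def explain(line):
    prefix, outer, inner = parse_netfilter_log(line)
    if outer.get("PROTO") != "ICMP" or outer.get("TYPE") != "3" or inner is None:
        return f"{outer.get('PROTO')} packet from {outer.get('SRC')}"
    code = UNREACH_CODES.get(int(outer["CODE"]), "code " + outer["CODE"])
    flags = "/".join(f for f in inner["flags"] if f in TCP_FLAGS)
    return (f"{outer['SRC']} reports {code} for {inner['PROTO']} {flags} "
            f"{inner['SRC']}:{inner.get('SPT')} -> {inner['DST']}:{inner.get('DPT')}")

# The log entry from this thread, joined onto one line.
SAMPLE = ("kernel: Shorewall:_net-fw::IN=eth0 OUT= "
          "MAC=d4:3d:7e:ec:e1:07:00:26:88:75:df:19:08:00 SRC=87.142.17.90 "
          "DST=46.4.xx.xxx LEN=80 TOS=0x00 PREC=0x00 TTL=55 ID=38334 PROTO=ICMP "
          "TYPE=3 CODE=1 [SRC=46.4.xx.xxx DST=87.142.17.90 LEN=52 TOS=0x00 "
          "PREC=0x00 TTL=53 ID=4374 DF PROTO=TCP SPT=80 DPT=56578 WINDOW=521 "
          "RES=0x00 ACK FIN URGP=0 ]")
print(explain(SAMPLE))
```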
