From: Srot BULL
To: FreeBSD-questions
Date: Wed, 04 Aug 2004 17:13:51 +0900
Subject: IPFW - Allowed but Denied is shown in my logs
Message-ID: <41109ABF.4090904@me.point.ne.jp>

Hi,

I have been seeing these logs since I started using my firewall, but since I am not having problems in my incoming-outgoing emails and access to websites I did not bother to change anything... But looking at my firewall logs and seeing the same things just woke up my curiosity, and I wondered if anybody can enlighten me on what is happening...

Below is some of the information that I have copied from my /var/log/security and pasted here:

Aug 4 10:57:26 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49312 130.89.175.51:80 out via bge0
Aug 4 11:00:49 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49312 130.89.175.51:80 out via bge0
Aug 4 11:33:45 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49352 69.55.225.12:80 out via bge0
Aug 4 11:34:10 r40e last message repeated 5 times
Aug 4 11:36:16 r40e last message repeated 3 times
Aug 4 11:40:32 r40e last message repeated 4 times
Aug 4 12:21:10 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49364 195.92.249.252:80 out via bge0
Aug 4 12:21:41 r40e last message repeated 6 times
Aug 4 12:22:55 r40e last message repeated 2 times
Aug 4 12:27:11 r40e last message repeated 4 times
Aug 4 13:24:14 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49386 216.136.204.21:80 out via bge0
Aug 4 13:24:34 r40e last message repeated 5 times
Aug 4 13:26:26 r40e last message repeated 3 times
Aug 4 13:30:42 r40e last message repeated 4 times
Aug 4 15:04:19 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49456 210.188.175.94:110 out via bge0
Aug 4 15:04:46 r40e last message repeated 7 times
Aug 4 15:06:04 r40e last message repeated 2 times
Aug 4 15:08:38 r40e last message repeated 3 times
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49486 164.46.152.13:110 out via bge0
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
Aug 4 15:44:42 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49504 205.180.85.140:80 out via bge0
Aug 4 15:45:15 r40e last message repeated 6 times
Aug 4 15:46:44 r40e last message repeated 2 times
Aug 4 15:51:00 r40e last message repeated 4 times

This is found in my /etc/ipfw.rules:

### Allow out non-secure standard www function ###
$CMD 00200 allow tcp from any to any 80 out via $IFN setup keep-state

### Allow out send & get email function ###
$CMD 00230 allow tcp from any to any 25 out via $IFN setup keep-state
$CMD 00231 allow tcp from any to any 110 out via $IFN setup keep-state

### deny and log everything else that's trying to get out. ###
### This rule enforces the block all by default logic. ###
$CMD 00299 deny log all from any to any out via $IFN

Why are the above firewall logs telling me that it has denied my TCP packets, and yet I am not experiencing any problems in my emails and access to the internet through port 80? I still do not understand the whole thing about firewalls and I hope that anybody can share what they think is happening.

Thanks in advance for any comments and advice...

Srot BULL