Date: Wed, 29 Jun 2005 09:37:25 -0400
From: "Stephan Weaver" <stephanweaver@hotmail.com>
To: fbsd_user@a1poweruser.com
Cc: freebsd-questions@freebsd.org
Subject: RE: IPF Logging packets Every 2-10 Seconds.
Message-ID: <BAY20-F2E809916FCFA76E67DCFDA8E00@phx.gbl>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGKENMHHAA.fbsd_user@a1poweruser.com>

if you carefully read this log line.

28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN

what it is saying, 201.238.78.59 on port 4550 wants to make a connection
INTO my network.
now it is making this connection because one of my LAN users is accessing
that address.
eg, a LAN user types http://201.238.78.59:1080 [webcam port] opens up the
live view in the webcam.
and in a response to that, the webcam sends data/packets back to my LAN
using the webcam data port instead. [4550]

>From: "fbsd_user" <fbsd_user@a1poweruser.com>
>Reply-To: <fbsd_user@a1poweruser.com>
>To: "Stephan Weaver" <stephanweaver@hotmail.com>
>Subject: RE: IPF Logging packets Every 2-10 Seconds.
>Date: Tue, 28 Jun 2005 16:40:48 -0400
>
>When you list the incore rules is rule number 28 the block all rule
>marking the end of the inbound section of your rules file?
>
>If yes, then you need to add a new pass in rule to allow port 4550 in.
>Then the remote system will be able to access your webcam server on
>the firewall box.
>
>The short explanation about what you are doing makes all the
>difference in the kind of answer you get back. Should have said
>that a long time ago. This is a different question than what the
>email subject says.
>
>-----Original Message-----
>From: Stephan Weaver [mailto:stephanweaver@hotmail.com]
>Sent: Tuesday, June 28, 2005 4:06 PM
>To: fbsd_user@a1poweruser.com
>Subject: RE: IPF Logging packets Every 2-10 Seconds.
>
>
>I do understand what you are saying, but I BELIEVE my ruleset is in the
>wrong order or something is WRONG.
>look at this LOG for example
>28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:23.823647 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60272 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.283051 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60273 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.283423 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60269 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.687274 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.865697 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60273 PR tcp len 20 40 -AF IN
>
>right,
>now 201.238.78.59 is MY OTHER REMOTE server!
>and my WEBCAM software runs on port 4550.
>now that is being logged because one of my LAN users
>is accessing 201.238.78.59:4550 via a webpage. but it shows in the logs.
>something is WRONG.
>I know what you are saying, but listen to what I am saying....
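
Added example (not part of the original message and not IPFilter code): a small Python parser for the ipmon line format quoted above. It decodes the rule number, action and TCP flags of each line and groups blocked packets by rule and source. The field layout is taken from the quoted lines; the names parse_line and summarize_blocks are hypothetical.

```python
import re

# Field layout as seen in the ipmon lines quoted in the message above.
LINE_RE = re.compile(
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:.]+) (?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: -(?P<flags>[A-Z]+))?(?: (?P<dir>IN|OUT))?"
)
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}
ACTIONS = {"b": "block", "p": "pass"}  # any other action letter is kept as-is

# First four log lines copied from the message above (not constructed).
SAMPLE = """\
28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN
28/06/2005 15:59:23.823647 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60272 PR tcp len 20 40 -AF IN
28/06/2005 15:59:24.283051 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60273 PR tcp len 20 40 -AF IN
28/06/2005 15:59:24.283423 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60269 PR tcp len 20 40 -AF IN
""".splitlines()

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "sport", "dport", "hlen", "plen"):
        rec[key] = int(rec[key])
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    rec["flags"] = [TCP_FLAGS.get(f, f) for f in (rec["flags"] or "")]
    return rec

def summarize_blocks(lines):
    """Group blocked packets by (group:rule, source IP, source port)."""
    summary = {}
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] != "block":
            continue
        key = (f"{rec['group']}:{rec['rule']}", rec["src"], rec["sport"])
        entry = summary.setdefault(key, {"count": 0, "dports": set(), "flags": set(), "syn": 0})
        entry["count"] += 1
        entry["dports"].add(rec["dport"])
        entry["flags"].add("+".join(rec["flags"]))
        entry["syn"] += int("SYN" in rec["flags"])  # packets carrying SYN
    return summary

if __name__ == "__main__":
    for key, e in summarize_blocks(SAMPLE).items():
        print(key, e["count"], sorted(e["dports"]), sorted(e["flags"]), "SYN:", e["syn"])
```

For the quoted lines the summary shows one rule (@0:28), one source (201.238.78.59 port 4550), four distinct destination ports, and the flag set ACK+FIN with no SYN on any packet.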