From: "Stephan Weaver"
To: fbsd_user@a1poweruser.com
Cc: freebsd-questions@freebsd.org
Date: Wed, 29 Jun 2005 09:37:25 -0400
Subject: RE: IPF Logging packets Every 2-10 Seconds.

If you carefully read this log line:

28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN

What it is saying: 201.238.78.59 on port 4550 wants to make a connection INTO my network.
Now it is making this connection because one of my LAN users is accessing that address.
E.g., a LAN user types http://201.238.78.59:1080 [webcam port], opens up the live view in the webcam.
And in response to that, the webcam sends data/packets back to my LAN using the webcam data port instead. [4550]

>From: "fbsd_user"
>Reply-To:
>To: "Stephan Weaver"
>Subject: RE: IPF Logging packets Every 2-10 Seconds.
>Date: Tue, 28 Jun 2005 16:40:48 -0400
>
>When you list the incore rules, is rule number 28 the block all rule
>marking the end of the inbound section of your rules file?
>
>If yes, then you need to add a new pass in rule to allow port 4550
>in.
>Then the remote system will be able to access your webcam server on
>the firewall box.
>
>The short explanation about what you are doing makes all the
>difference in the kind of answer you get back. Should have said
>that a long time ago. This is a different question than what the
>email subject says.
>
>-----Original Message-----
>From: Stephan Weaver [mailto:stephanweaver@hotmail.com]
>Sent: Tuesday, June 28, 2005 4:06 PM
>To: fbsd_user@a1poweruser.com
>Subject: RE: IPF Logging packets Every 2-10 Seconds.
>
>
>I do understand what you are saying, but I BELIEVE my ruleset is in
>the wrong order or something is WRONG.
>Look at this LOG for example:
>28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:23.823647 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60272 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.283051 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60273 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.283423 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60269 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.687274 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.865697 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60273 PR tcp len 20 40 -AF IN
>
>
>
>Right,
>now 201.238.78.59 is MY OTHER REMOTE server!
>And my WEBCAM software runs on port 4550.
>Now that is being logged because one of my LAN users
>is accessing 201.238.78.59:4550 via a webpage. But it shows in the
>logs.
>Something is WRONG.
>I know what you are saying, but listen to what I am saying....
>
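
Added example (not part of the original emails): a small Python parser for the ipmon log lines quoted in this thread. It splits each line into interface, group:rule, action, endpoints and TCP flags, and separates blocked packets that carry a bare SYN from blocked packets, like the -AF (ACK+FIN) lines above, that carry no SYN. The third sample line and the function names are constructed for illustration, and the regex assumes the line layout shown in the thread.

```python
import re
from collections import Counter

# Constructed sample: the first two lines are copied from the thread; the third
# (a bare SYN from a documentation address) is made up for contrast.
SAMPLE = """\
28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60271 PR tcp len 20 40 -AF IN
28/06/2005 15:59:23.823647 vr0 @0:28 b 201.238.78.59,4550 -> 192.168.1.1,60272 PR tcp len 20 40 -AF IN
28/06/2005 16:00:01.000000 vr0 @0:28 b 203.0.113.7,40000 -> 192.168.1.1,4550 PR tcp len 20 60 -S IN
"""

# Assumption: every line has the same layout as the lines quoted in the thread.
LINE_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[\d.]+),(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\S+) "
    r"len (?P<hlen>\d+) (?P<plen>\d+)(?: -(?P<flags>[A-Z]+))? (?P<dir>IN|OUT)$"
)
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

def parse_line(line):
    """Split one ipmon line into named fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "sport", "dport", "hlen", "plen"):
        rec[key] = int(rec[key])
    letters = rec["flags"] or ""
    rec["flags"] = [FLAG_NAMES.get(c, c) for c in letters]
    # A TCP connection attempt carries SYN without ACK; any other flag set
    # belongs to (or claims to belong to) a connection that already exists.
    rec["new_connection"] = rec["proto"] == "tcp" and "S" in letters and "A" not in letters
    return rec

def summarize(text):
    """Count blocked TCP packets per (source, source port, rule, kind)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "b" and rec["proto"] == "tcp":
            kind = "new" if rec["new_connection"] else "mid-stream"
            counts[(rec["src"], rec["sport"], rec["rule"], kind)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```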