Date: Wed, 30 Jun 2004 21:14:46 -0400 From: m <m@telerama.com> To: <freebsd-ipfw@freebsd.org> Subject: IPFW doing some wierd stuff. Message-ID: <BD08DDC6.5ADE%m@telerama.com>
next in thread | raw e-mail | index | archive | help
I posted this to the FreeBSD general list and got no response. I'm using FreeBSD 5.2.1 with IPFW2 as a firewall/router on a network. I'm seeing some very strange things in the dynamic ruleset. The last 4 entries in the list are the issues. You can see that none of the informatin in the last 4 dynamic rules makes any sense -- not the #/packets or bytes, the rule #, or even the protocol. The IP addresses referred to are not local to any part of the network, and some aren't even listed in the appropriate WHOIS database. I'm totally lost on this. Any help would be appreciated, including suggestions as to how to generate better log information. Nothing shows in my logs, either. Interestingly, these last (wierd) rules appear & disappear at random intervals, with different information each time -- different rule numebrs (but non-existent in my ruleset), different Ips, and different protocols. host-64-179-35-23# ipfw -de show 00050 35654 14976392 divert 8668 ip from any to any via xl0 00100 2988 2071714 allow ip from 127.0.0.0/8 to 127.0.0.0/8 00200 0 0 deny ip from 127.0.0.0/8 to any 00300 0 0 deny ip from any to 127.0.0.0/8 00310 0 0 allow ip from 224.0.0.1 to any 00311 110 3960 allow ip from any to 224.0.0.1 00350 0 0 deny log argus from any to any 00351 0 0 deny log scps from any to any 00352 0 0 deny log igmp from any to any 00354 0 0 deny log netblt from any to any 00355 0 0 deny ip from 0.0.0.0 to any 00356 0 0 deny ip from any to 0.0.0.0 00357 0 0 deny ipv6-nonxt from any to any 00359 0 0 deny log trunk-2 from any to any 00360 99 6224 deny log icmp from any to any 00400 891 111330 allow ip from 205.201.9.0/24 to me setup keep-state 00410 0 0 allow ip from 151.201.141.231 to me setup keep-state 00420 0 0 deny ip from any to me dst-port 22 00450 1272 539440 allow ip from any to me dst-port 25 setup keep-state 00451 151 12032 allow ip from me to any dst-port 21 setup keep-state 00452 0 0 allow ip from me to any dst-port 20 setup keep-state 00453 11513 1798157 allow ip from me to any dst-port 80 setup keep-state 00454 11 1457 allow ip from me to any dst-port 443 setup keep-state 00455 0 0 allow ip from any 20 to me setup keep-state 00457 0 0 allow ip from me to any dst-port 22 setup keep-state 00458 0 0 allow ip from any 25 to me setup keep-state 00459 0 0 allow ip from any to me dst-port 80 setup keep-state 00498 2373 267409 allow ip from any to me 00499 6267 1635428 allow ip from me to any 00520 0 0 allow ip from 224.0.0.1 to any 00530 0 0 allow ip from any to 224.0.0.1 00800 11 739 allow udp from any to 207.69.188.200 dst-port 53 00810 22 10768 allow udp from 207.69.188.200 53 to any 00820 250 15731 allow udp from any to 64.65.223.6 dst-port 53 00830 498 141930 allow udp from 64.65.223.6 53 to any 00840 94 6784 allow udp from any to any dst-port 53 00841 122 36608 allow udp from any 53 to any 00850 0 0 allow ip from 255.255.255.255 to any 00860 232 70064 allow ip from any to 255.255.255.255 00998 82 18216 allow ip from 192.168.1.0/24 to 192.168.1.0/24 not via xl0 00999 0 0 check-state 01000 0 0 allow ip from any to 192.168.1.5 dst-port 25 setup keep-state 01010 1115 517038 allow ip from any to 192.168.1.5 dst-port 80 setup keep-state 01020 0 0 allow ip from any to 192.168.1.5 dst-port 2500 setup keep-state 01100 332 49019 allow ip from 192.168.1.5 to any dst-port 25 setup keep-state 01110 1177 978983 allow ip from 192.168.1.5 to any dst-port 80 setup keep-state 01115 0 0 allow ip from 192.168.1.5 to any dst-port 443 setup keep-state 01120 0 0 allow ip from 192.168.1.5 to any dst-port 21 setup keep-state 01125 0 0 allow ip from 192.168.1.5 to any dst-port 20 setup keep-state 01130 0 0 allow ip from 192.168.1.5 20 to any setup keep-state 01998 83 3704 deny log ip from 192.168.1.5 to any 01999 36 1440 deny log ip from any to 192.168.1.5 02010 0 0 allow ip from 192.168.1.0/24 to any dst-port 20 setup keep-state 02020 40906 23355938 allow ip from 192.168.1.0/24 to any dst-port 80 setup keep-state 02030 39 20505 allow ip from 192.168.1.0/24 to any dst-port 443 setup keep-state 02040 0 0 allow ip from 192.168.1.0/24 to any dst-port 21 setup keep-state 02050 0 0 allow ip from 192.168.1.0/24 20 to any setup keep-state 65000 1968 176664 deny log ip from any to any 65535 0 0 deny ip from any to any ## Dynamic rules (105): 02020 10 2859 (0s) STATE tcp 192.168.1.22 2943 <-> 65.54.194.59 80 01010 260 145073 (0s) STATE tcp 67.165.52.118 61735 <-> 192.168.1.5 80 01010 62 25228 (0s) STATE tcp 67.165.52.118 61734 <-> 192.168.1.5 80 00450 23 1680 (0s) STATE tcp 66.118.177.230 31470 <-> 64.179.35.23 25 01010 167 84950 (0s) STATE tcp 67.165.52.118 61739 <-> 192.168.1.5 80 01010 16 2474 (0s) STATE tcp 67.165.52.118 61737 <-> 192.168.1.5 80 00453 18 8792 (0s) STATE tcp 64.179.35.23 1369 <-> 63.111.24.21 80 01010 9 1148 (0s) STATE tcp 67.165.52.118 61743 <-> 192.168.1.5 80 02020 116 56383 (0s) STATE tcp 192.168.1.101 1388 <-> 64.65.208.72 80 02020 10 2210 (0s) STATE tcp 192.168.1.101 1382 <-> 64.65.208.71 80 02020 23 12664 (0s) STATE tcp 192.168.1.101 1384 <-> 64.65.208.72 80 02020 66 26546 (0s) STATE tcp 192.168.1.101 1386 <-> 64.65.208.72 80 00453 5 558 (0s) STATE tcp 64.179.35.23 1352 <-> 56.0.134.22 80 02020 30 10124 (0s) STATE tcp 192.168.1.101 1383 <-> 64.65.208.72 80 02020 19 10674 (0s) STATE tcp 192.168.1.101 1378 <-> 216.39.69.76 80 02020 87 83654 (0s) STATE tcp 192.168.1.22 2971 <-> 207.68.173.254 80 02020 33 16730 (0s) STATE tcp 192.168.1.22 2859 <-> 207.91.5.68 80 00453 4 597 (0s) STATE tcp 64.179.35.23 1376 <-> 216.73.86.13 80 02020 47 24913 (0s) STATE tcp 192.168.1.22 2857 <-> 207.91.5.68 80 00453 11 698 (0s) STATE tcp 64.179.35.23 2856 <-> 207.91.5.68 80 02020 10 2000 (0s) STATE tcp 192.168.1.22 2560 <-> 65.205.8.106 80 00453 5 1273 (0s) STATE tcp 64.179.35.23 1395 <-> 216.52.17.116 80 00453 6 1143 (0s) STATE tcp 64.179.35.23 1392 <-> 216.52.17.116 80 02020 8 1136 (0s) STATE tcp 192.168.1.22 2830 <-> 216.27.102.15 80 00453 5 968 (0s) STATE tcp 64.179.35.23 1372 <-> 206.65.183.80 80 02020 12 5126 (0s) STATE tcp 192.168.1.101 1313 <-> 64.65.208.71 80 00450 8 388 (0s) STATE tcp 208.17.205.133 1246 <-> 64.179.35.23 25 00400 890 111270 (300s) STATE tcp 205.201.9.222 56200 <-> 64.179.35.23 22 02020 12 1253 (0s) STATE tcp 192.168.1.101 1376 <-> 216.73.86.13 80 00453 4 592 (0s) STATE tcp 64.179.35.23 2777 <-> 143.231.86.196 80 02020 12 1342 (0s) STATE tcp 192.168.1.22 2777 <-> 143.231.86.196 80 00450 28 7929 (0s) STATE tcp 207.69.231.40 4731 <-> 64.179.35.23 25 00451 67 5443 (0s) STATE tcp 64.179.35.23 53377 <-> 205.201.9.227 21 00453 7 862 (0s) STATE tcp 64.179.35.23 1378 <-> 216.39.69.76 80 00453 7 862 (0s) STATE tcp 64.179.35.23 1377 <-> 216.39.69.76 80 00450 28 3078 (0s) STATE tcp 68.95.226.39 2373 <-> 64.179.35.23 25 00453 4 527 (0s) STATE tcp 64.179.35.23 2801 <-> 143.231.86.196 80 02020 12 1105 (0s) STATE tcp 192.168.1.22 2807 <-> 143.231.86.196 80 00453 1 40 (0s) STATE tcp 64.179.35.23 2806 <-> 143.231.86.196 80 00453 10 1182 (0s) STATE tcp 64.179.35.23 2805 <-> 143.231.86.196 80 02020 38 27372 (0s) STATE tcp 192.168.1.22 2805 <-> 143.231.86.196 80 02020 10 1543 (0s) STATE tcp 192.168.1.22 2976 <-> 65.54.140.158 80 02020 12 1105 (0s) STATE tcp 192.168.1.22 2809 <-> 143.231.86.196 80 00453 4 529 (0s) STATE tcp 64.179.35.23 2808 <-> 143.231.86.196 80 02020 86 77940 (0s) STATE tcp 192.168.1.22 2941 <-> 64.65.208.71 80 02020 12 1105 (0s) STATE tcp 192.168.1.22 2813 <-> 143.231.86.196 80 00453 4 529 (0s) STATE tcp 64.179.35.23 2812 <-> 143.231.86.196 80 00453 4 480 (0s) STATE tcp 64.179.35.23 2639 <-> 128.121.26.136 80 00453 4 480 (0s) STATE tcp 64.179.35.23 2638 <-> 128.121.26.136 80 00453 4 480 (0s) STATE tcp 64.179.35.23 2637 <-> 128.121.26.136 80 02020 17 9707 (0s) STATE tcp 192.168.1.22 2866 <-> 209.195.176.247 80 00453 5 604 (0s) STATE tcp 64.179.35.23 2867 <-> 209.195.176.247 80 00453 4 480 (0s) STATE tcp 64.179.35.23 2634 <-> 128.121.26.136 80 00453 6 938 (0s) STATE tcp 64.179.35.23 2957 <-> 209.225.33.67 80 02020 10 1929 (0s) STATE tcp 192.168.1.22 2945 <-> 216.39.69.76 80 00453 4 671 (0s) STATE tcp 64.179.35.23 2944 <-> 216.39.69.76 80 00453 5 598 (0s) STATE tcp 64.179.35.23 2877 <-> 209.195.176.247 80 02020 15 2241 (0s) STATE tcp 192.168.1.22 2876 <-> 209.195.176.247 80 00453 5 549 (0s) STATE tcp 64.179.35.23 2949 <-> 216.39.69.76 80 02020 11 1295 (0s) STATE tcp 192.168.1.22 2949 <-> 216.39.69.76 80 00453 6 722 (0s) STATE tcp 64.179.35.23 2964 <-> 209.225.33.67 80 00453 4 480 (0s) STATE tcp 64.179.35.23 2651 <-> 128.121.26.136 80 00453 5 520 (0s) STATE tcp 64.179.35.23 2650 <-> 128.121.26.136 80 00453 5 772 (0s) STATE tcp 64.179.35.23 2746 <-> 216.109.117.106 80 00453 4 480 (0s) STATE tcp 64.179.35.23 2643 <-> 128.121.26.136 80 00453 4 519 (0s) STATE tcp 64.179.35.23 2937 <-> 65.54.140.158 80 00450 22 3072 (0s) STATE tcp 207.69.231.40 1415 <-> 64.179.35.23 25 02020 14 1218 (0s) STATE tcp 192.168.1.100 2591 <-> 128.121.26.136 80 02020 22 15737 (0s) STATE tcp 192.168.1.22 2725 <-> 64.65.208.71 80 00453 1 40 (0s) STATE tcp 64.179.35.23 2724 <-> 64.65.208.71 80 00453 5 520 (0s) STATE tcp 64.179.35.23 2665 <-> 128.121.26.136 80 00453 5 520 (0s) STATE tcp 64.179.35.23 2664 <-> 128.121.26.136 80 02020 11 1165 (0s) STATE tcp 192.168.1.100 2645 <-> 64.124.109.200 80 00453 4 480 (0s) STATE tcp 64.179.35.23 2661 <-> 128.121.26.136 80 00453 4 639 (0s) STATE tcp 64.179.35.23 2933 <-> 65.54.140.158 80 02020 10 1663 (0s) STATE tcp 192.168.1.22 2933 <-> 65.54.140.158 80 02020 10 1697 (0s) STATE tcp 192.168.1.22 2961 <-> 216.73.87.102 80 00450 19 1484 (0s) STATE tcp 66.118.177.230 33626 <-> 64.179.35.23 25 02020 10 2812 (0s) STATE tcp 192.168.1.22 2713 <-> 216.73.86.105 80 00453 5 723 (0s) STATE tcp 64.179.35.23 2712 <-> 216.73.86.105 80 02020 17 10529 (0s) STATE tcp 192.168.1.22 2712 <-> 216.73.86.105 80 00453 4 598 (0s) STATE tcp 64.179.35.23 2713 <-> 216.73.86.105 80 02020 17 10167 (0s) STATE tcp 192.168.1.22 2711 <-> 216.73.86.105 80 00453 4 523 (0s) STATE tcp 64.179.35.23 2710 <-> 216.73.86.105 80 00453 20 1316 (0s) STATE tcp 64.179.35.23 2834 <-> 66.218.71.233 80 00453 1 40 (0s) STATE tcp 64.179.35.23 2657 <-> 216.157.112.153 80 02020 8 1324 (0s) STATE tcp 192.168.1.22 2656 <-> 216.157.112.153 80 02020 15 1212 (0s) STATE tcp 192.168.1.100 2664 <-> 128.121.26.136 80 02020 15 1212 (0s) STATE tcp 192.168.1.100 2665 <-> 128.121.26.136 80 02020 14 1172 (0s) STATE tcp 192.168.1.100 2661 <-> 128.121.26.136 80 02020 2234 588879 (258s) STATE tcp 192.168.1.22 2208 <-> 207.46.110.4 80 02020 14 1218 (0s) STATE tcp 192.168.1.100 2651 <-> 128.121.26.136 80 02020 14 1218 (0s) STATE tcp 192.168.1.100 2646 <-> 128.121.26.136 80 02020 14 1172 (0s) STATE tcp 192.168.1.100 2647 <-> 128.121.26.136 80 02020 15 1677 (0s) STATE tcp 192.168.1.100 2642 <-> 128.121.26.136 80 00453 6 642 (0s) STATE tcp 64.179.35.23 2880 <-> 209.195.176.247 80 02020 15 1672 (0s) STATE tcp 192.168.1.22 2881 <-> 209.195.176.247 80 02020 14 1172 (0s) STATE tcp 192.168.1.100 2637 <-> 128.121.26.136 80 02020 14 1172 (0s) STATE tcp 192.168.1.100 2638 <-> 128.121.26.136 80 00453 6 646 (0s) STATE tcp 64.179.35.23 2885 <-> 209.195.176.247 80 02020 15 2479 (0s) STATE tcp 192.168.1.22 2884 <-> 209.195.176.247 80 02020 14 1218 (0s) STATE tcp 192.168.1.100 2634 <-> 128.121.26.136 80 00450 22 5933 (0s) STATE tcp 207.69.231.40 3549 <-> 64.179.35.23 25 17803 51868116715982822 207007877431296 (-1014956032s) nsfnet-igp 182.141.195.93 0 <-> 95.94.91.124 0 54357 103166144177045504 17130536501248 (244479s) proto 212 1.138.233.0 17805 <-> 0.0.1.186 0 25648 7005922216430549619 7234316394206028643 (1919246953s) proto 114 115.35.10.35 25459 <-> 10.35.35.10 25205 28773 746535686742044009 7237131173698865443 (1819176809s) gmtp 112.104.115.101 28521 <-> 114.102.101.114 29285 -- Mark J. Nernberg Downtown Help Desk IT Specialist (412)478-6262 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BD08DDC6.5ADE%m>