Date: Fri, 18 Jun 2004 21:22:18 +0200 (CEST)
From: "Martin" <bts@iae.nl>
To: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>, "Robert Downes" <nullentropy@lineone.net>
Subject: Re: Blocked outbound traffic - what is it?
Message-ID: <200406182122.2239016.6@btsoftware.com>
In-Reply-To: <40D3106A.9030403@lineone.net>

- Is rl0 your outside interface ?
- Do you have Natd on the outside interface or reversed on the inside interface ?
- Do you have multiple outside interfaces ?
- 192.168.1.102 is this system on your internal network ?
- Do you have a local DNS (or hosts file) running where you mapped away spying hosts ?
- "out" means outgoing, but "via rl0" does not mean "out thru rl0". It could mean more or less "a packet having to do something with rl0, either in or out".
- Do you have rules in your FW, causing to bypass natd ?
- Do you have static natd routing ?
- Do you do IP/port forwarding on specific ports ?

Please post your rules.

Martin.

On Fri, 18 Jun 2004 16:55:22 +0100, Robert Downes wrote:

>Matthew McGehrin wrote:
>
>>You need to post your ruleset to the list along with some of your logs, or
>>you're not going to get a response.
>>
>The ruleset is the one posted to this list recently:
>
>http://lists.freebsd.org/mailman/htdig/freebsd-ipfw/2004-June/001182.html
>
>and some of the output of `cat /var/log/security | grep out`:
>
>Jun 18 15:32:37 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3066 64.158.223.128:80 out via rl0
>Jun 18 16:03:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3113 216.136.173.10:110 out via rl0
>Jun 18 16:07:56 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3118 213.189.140.44:80 out via rl0
>Jun 18 16:09:45 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3123 216.136.173.10:110 out via rl0
>Jun 18 16:23:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3136 216.136.173.10:110 out via rl0
>Jun 18 16:31:53 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0
>Jun 18 16:31:58 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0
>
>These are just a few of many similar entries. The requests to port 110
>are to a legitimate mail server. The requests to port 80 seem to be to
>banner-ad addresses, and to addresses that are legitimate but are not
>the same IP as the original browser request.
>
>But my point is: what feature of these packets is making them fail the
>filter, and why do I not seem to be missing anything on the pages (such
>as banner ads) even though requests are being blocked?
>
>If it's perfectly reasonable for these packets to be denied, then I'm
>happy with that. But I'm worried that something important is being
>killed on the spot. (Even though I can't work out what.)
>
>--
>Bob
>
>_______________________________________________
>freebsd-ipfw@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
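
An added example, not part of the e-mail above or of any FreeBSD tool: a short Python script that parses the ipfw log entries quoted in the message, groups them by rule, direction, interface and destination port, and lists repeated flows and private source addresses, which is the information the questions about rl0 and natd turn on. The function names are chosen for this example only.

```python
import ipaddress
import re
from collections import Counter

# The seven log entries quoted in the message, rejoined to one entry per line.
SAMPLE = """\
Jun 18 15:32:37 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3066 64.158.223.128:80 out via rl0
Jun 18 16:03:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3113 216.136.173.10:110 out via rl0
Jun 18 16:07:56 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3118 213.189.140.44:80 out via rl0
Jun 18 16:09:45 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3123 216.136.173.10:110 out via rl0
Jun 18 16:23:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3136 216.136.173.10:110 out via rl0
Jun 18 16:31:53 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0
Jun 18 16:31:58 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0
"""

# Layout of the TCP/UDP entries shown above; other protocols are skipped.
ENTRY = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)")

def parse(text):
    """Return one dict of fields per matching log line."""
    return [m.groupdict() for m in map(ENTRY.search, text.splitlines()) if m]

def by_rule_and_port(entries):
    """Count entries per (rule, action, direction, interface, dest port)."""
    return Counter((e["rule"], e["action"], e["dir"], e["iface"], e["dport"])
                   for e in entries)

def repeated_flows(entries):
    """Flows logged more than once: the same 4-tuple hitting the rule again."""
    flows = Counter((e["src"], e["sport"], e["dst"], e["dport"]) for e in entries)
    return {flow: n for flow, n in flows.items() if n > 1}

def private_sources(entries):
    """Source addresses that the ipaddress module classes as private."""
    return sorted({e["src"] for e in entries
                   if ipaddress.ip_address(e["src"]).is_private})

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for key, n in sorted(by_rule_and_port(entries).items()):
        print(n, *key)
    print("repeated flows:", repeated_flows(entries))
    print("private sources on the logged interface:", private_sources(entries))
```

Run against the full /var/log/security, the same grouping shows whether rule 450 is the only rule involved and whether every denied entry still carries an internal source address when it is logged on rl0.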