From owner-freebsd-net Sun Dec 19 15:28:39 1999 Delivered-To: freebsd-net@freebsd.org Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13]) by hub.freebsd.org (Postfix) with ESMTP id A59F714D0D for ; Sun, 19 Dec 1999 15:28:34 -0800 (PST) (envelope-from ben@scientia.demon.co.uk) Received: from strontium.scientia.demon.co.uk ([192.168.91.36] ident=ben) by scientia.demon.co.uk with smtp (Exim 3.092 #1) id 11zo74-000OeZ-00; Sun, 19 Dec 1999 21:43:34 +0000 Date: Sun, 19 Dec 1999 21:43:34 +0000 From: Ben Smithurst To: Stan Brown Cc: FreeBSD Networking Subject: Re: Puzzling ipfw rejections Message-ID: <19991219214334.A2246@strontium.scientia.demon.co.uk> References: <199912191637.IAA26258@netcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <199912191637.IAA26258@netcom.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Stan Brown wrote: > Could some kind soul explain the following to me? > > > Dec 18 11:57:19 koala /kernel: ipfw: 2300 Deny TCP 208.140.99.1:4622 24.6.61.166:113 in via ed1 > Dec 18 11:58:29 koala /kernel: ipfw: 2300 Deny TCP 208.140.99.1:4658 24.6.61.166:113 in via ed1 > Dec 18 12:09:34 koala /kernel: ipfw: 1600 Deny TCP 199.183.9.112:3904 24.6.61.166:23 in via ed1 > Dec 18 12:10:11 koala /kernel: ipfw: 1600 Deny TCP 199.183.9.112:1022 24.6.61.166:22 in via ed1 > Dec 18 12:13:16 koala /kernel: ipfw: 1400 Deny TCP 199.183.9.112:1022 24.6.61.166:22 in via ed1 > Dec 18 12:35:58 koala /kernel: ipfw: 1500 Deny TCP 199.183.9.112:4087 24.6.61.166:21 in via ed1 > Dec 18 12:36:40 koala /kernel: ipfw: 1500 Deny TCP 199.183.9.112:4087 24.6.61.166:21 in via ed1 > > The machine in question is a new gateway machine that I am seting up > *3.3 STABLE) using ipfw and natd. I _believe that the rejections are > related to a script that I run that makes backups of my accounts on > local machines. In this case the machines are netcom.com, and awod.com > Thsi script tars up the contents, and then ftps's it back to a machine > behind the firewall (kodiak). > > But I don't understand the port numbers that I am seeing here. can > anyone give me a clue? Take a look in /etc/services. ftp 21/tcp #File Transfer [Control] ssh 22/tcp #Secure Shell Login telnet 23/tcp auth 113/tcp ident tap #Authentication Service The source ports aren't really important here. -- Ben Smithurst | PGP: 0x99392F7D ben@scientia.demon.co.uk | key available from keyservers and | ben+pgp@scientia.demon.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message