Problem with port forwarding (NAT) on FC 5 (https://www.linuxquestions.org/questions/linux-networking-3/problem-with-port-forwarding-nat-on-fc-5-a-465959/)

blackhole54 08-10-2006 06:06 PM

I am not familiar with FC so I can't advise you with how it does things. Maybe another poster can. If you feel comfortable reading bash scripts, you can take a look at the script FC uses to start the firewall and use man pages to aid you in interpreting the contents of iptables-config. The script is probably called /etc/init.d/iptables.

Another alternative is to turn off Fedora Core's normal iptables script and have it run your custom script at startup instead. This is done by changing a symlink in /etc/rc3.d (assuming you are at runlevel 3). I can advise you how to do this manually. There is probably a tool designed to aid you with that, but I can't advise you about that.

I am glad you got the zeroconf problem solved. That seems really strange to me. I will have to research that sometime. Well, I do expect to learn some things posting here!

win32sux 08-10-2006 10:39 PM

just curious: i've always been under the impression that, on red hat distros, doing this would take care of saving your iptables config without the need to edit any files manually:
Code:

service iptables save
please let me know if i've misunderstood how that command works...

as for the iptables-config file, i too am not familiar with that, but i read the name of those parameters and i think i understand what they do judging by their names... those settings it has sound fine to me in that regard... the only weird thing i saw was that the name of the iptable_nat module had a space in it, like:
Quote:

iptab le_nat
not sure if that was a typo during post or what... and in any case, modules like that get loaded automatically as needed... but still, if it's written like that in the file i would correct it...

blackhole54 08-10-2006 11:49 PM

Quote:

Originally Posted by win32sux
just curious: i've always been under the impression that, on red hat distros, doing this would take care of saving your iptables config without the need to edit any files manually:
Code:

service iptables save
please let me know if i've misunderstood how that command works...

Yup. At least they used to do it that way. From the RH8.0 /etc/init.d/iptables file (omitting most of the file):

Code:

IPTABLES_CONFIG=/etc/sysconfig/iptables

[  snip  ]

  save)
        echo -n $"Saving current rules to $IPTABLES_CONFIG: "
        touch $IPTABLES_CONFIG
        chmod 600 $IPTABLES_CONFIG
        /sbin/iptables-save -c > $IPTABLES_CONFIG  2>/dev/null && \
          success $"Saving current rules to $IPTABLES_CONFIG" || \
          failure $"Saving current rules to $IPTABLES_CONFIG"
        echo
        ;;

  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
        exit 1

When I was looking at this earlier, I apparently didn't scroll down far enough in the file and missed it! The start() and stop() are functions at the top of the file, while the rest is inline. But RH 8.0 did not have the iptables-config file. So they've obviously changed something.

heberrdacruz 08-18-2006 08:37 AM

I am sorry for the long silence. I have been too busy this week and newton seems not to be causing any noticeable problems.
Thank you very much for your comments. I am sorry for my ignorance. You are completely right:
Code:

service iptables save
will do exactly the same as I did manually.
Regarding
Code:

iptab le_nat
what happened was that I copied that from a terminal window and iptab was right at the end of the screen. The non-comment, non-blank lines from the file actually are
Code:

IPTABLES_MODULES="ip_tables ip_conntrack ip_conntrack_ftp ip_conntrack_irc iptable_nat ip_nat_ftp ip_conntrack_netbios_ns"
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"
IPTABLES_STATUS_VERBOSE="no"
IPTABLES_STATUS_LINENUMBERS="yes"

crontab runs a script called logwatch daily. As an example, today I received an email which, among other things, gives me the following information about yesterday:
Code:

Dropped 1121 packets on interface eth1
  From 192.168.30.14 - 7 packets to tcp(80)
  From 192.168.30.16 - 31 packets to tcp(80)
  From 192.168.30.92 - 12 packets to tcp(8080)
  From 192.168.30.108 - 13 packets to tcp(8080)
  From 192.168.30.109 - 37 packets to tcp(8080)
  From 192.168.30.110 - 138 packets to tcp(8080)
  From 192.168.30.111 - 28 packets to tcp(8080)
  From 192.168.30.112 - 3 packets to tcp(80,8080,63059)
  From 192.168.30.118 - 31 packets to tcp(80,8080)
  From 192.168.30.120 - 2 packets to tcp(8080)
  From 192.168.30.126 - 5 packets to tcp(80)
  From 192.168.30.133 - 50 packets to tcp(8080)
  From 192.168.30.136 - 295 packets to tcp(1863,8080)
  From 192.168.30.150 - 8 packets to tcp(443)
  From 192.168.30.152 - 20 packets to tcp(8080)
  From 192.168.30.153 - 105 packets to tcp(8080)
  From 192.168.30.160 - 2 packets to tcp(8080)
  From 192.168.30.162 - 12 packets to tcp(80)
  From 192.168.30.164 - 53 packets to tcp(80,8080)
  From 192.168.30.170 - 50 packets to tcp(8080)
  From 200.17.xxx.xxx - 213 packets to udp(53)
  From 200.17.xxx.yyy - 6 packets to udp(53)

Regarding the last two lines I am sorting this out. There are people using public IPs linked to the internal switch. I find it odd that packets to the http, proxy and DNS ports are being dropped. As I said earlier, this is not noticeable.
I have listed below all the FORWARD drops from yesterday, which again I don’t understand.
Code:

Aug 17 05:18:20 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54593 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:20 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45036 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:20 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10267 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:21 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10268 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:21 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45037 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:21 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54594 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:22 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10269 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:22 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45038 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:22 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54595 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:25 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10270 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:25 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45039 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:25 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54596 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:30 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10271 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:31 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45040 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:31 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54597 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:42 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10272 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:42 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45041 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:18:43 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54598 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:19:04 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10273 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:19:05 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45042 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:19:08 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54599 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:19:48 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10274 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:19:51 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45043 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:19:56 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54600 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:21:17 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=10275 DF PROTO=TCP SPT=52317 DPT=80 WINDOW=58 RES=0x00 ACK FIN URGP=0
Aug 17 05:21:24 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45044 DF PROTO=TCP SPT=52316 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 05:21:33 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54601 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 09:36:42 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.14 DST=208.116.12.66 LEN=545 TOS=0x00 PREC=0x00 TTL=63 ID=40950 DF PROTO=TCP SPT=50053 DPT=80 WINDOW=5840 RES=0x00 ACK PSH FIN URGP=0
Aug 17 09:38:01 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.14 DST=208.116.12.58 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=182 DF PROTO=TCP SPT=50124 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 09:39:01 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.14 DST=208.116.12.58 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=183 DF PROTO=TCP SPT=50124 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 09:42:02 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.126 DST=200.130.18.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=20739 DF PROTO=TCP SPT=1053 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Aug 17 09:44:48 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.118 DST=200.234.196.74 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=59278 DF PROTO=TCP SPT=2193 DPT=80 WINDOW=65482 RES=0x00 ACK FIN URGP=0
Aug 17 09:46:16 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.14 DST=207.46.216.59 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=593 DF PROTO=TCP SPT=50307 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 09:47:19 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.14 DST=207.46.216.59 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=594 DF PROTO=TCP SPT=50307 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 09:47:23 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.14 DST=207.46.216.59 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=9287 DF PROTO=TCP SPT=50322 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 09:48:35 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.14 DST=207.46.216.59 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=9288 DF PROTO=TCP SPT=50322 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 11:04:09 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=64.186.240.114 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=23768 DF PROTO=TCP SPT=41072 DPT=80 WINDOW=501 RES=0x00 ACK FIN URGP=0
Aug 17 11:04:40 newton kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.168.30.108 DST=200.17.114.40 LEN=105 TOS=0x00 PREC=0x00 TTL=127 ID=6300 PROTO=UDP SPT=1588 DPT=53 LEN=85
Aug 17 11:05:16 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=64.186.240.114 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=23769 DF PROTO=TCP SPT=41072 DPT=80 WINDOW=501 RES=0x00 ACK FIN URGP=0
Aug 17 11:13:24 newton kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.168.30.92 DST=65.54.179.228 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=39322 DF PROTO=TCP SPT=48758 DPT=443 WINDOW=2573 RES=0x00 ACK FIN URGP=0
Aug 17 11:39:44 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.185.83 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=20085 DF PROTO=TCP SPT=50129 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 11:39:44 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.185.83 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=20087 DF PROTO=TCP SPT=50129 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 11:39:46 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.112 DST=143.107.229.73 LEN=289 TOS=0x00 PREC=0x00 TTL=127 ID=19074 DF PROTO=TCP SPT=1516 DPT=63059 WINDOW=65486 RES=0x00 ACK PSH FIN URGP=0
Aug 17 11:39:55 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.185.83 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=20089 DF PROTO=TCP SPT=50129 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 11:40:19 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.185.83 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=20091 DF PROTO=TCP SPT=50129 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 11:41:08 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.185.83 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=20093 DF PROTO=TCP SPT=50129 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 11:42:45 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.185.83 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=20095 DF PROTO=TCP SPT=50129 DPT=80 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Aug 17 11:48:23 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=194.109.137.218 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=13603 DF PROTO=TCP SPT=54982 DPT=80 WINDOW=1460 RES=0x00 ACK FIN URGP=0
Aug 17 11:48:34 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=194.109.137.218 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=13605 DF PROTO=TCP SPT=54982 DPT=80 WINDOW=1460 RES=0x00 ACK FIN URGP=0
Aug 17 11:48:57 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=194.109.137.218 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=13607 DF PROTO=TCP SPT=54982 DPT=80 WINDOW=1460 RES=0x00 ACK FIN URGP=0
Aug 17 11:49:42 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=194.109.137.218 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=13609 DF PROTO=TCP SPT=54982 DPT=80 WINDOW=1460 RES=0x00 ACK FIN URGP=0
Aug 17 11:51:12 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=194.109.137.218 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=13611 DF PROTO=TCP SPT=54982 DPT=80 WINDOW=1460 RES=0x00 ACK FIN URGP=0
Aug 17 12:07:01 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=200.183.155.133 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=2310 DF PROTO=TCP SPT=49186 DPT=80 WINDOW=1775 RES=0x00 ACK FIN URGP=0
Aug 17 12:08:29 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=200.183.155.133 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=2312 DF PROTO=TCP SPT=49186 DPT=80 WINDOW=1775 RES=0x00 ACK FIN URGP=0
Aug 17 12:09:40 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=200.183.155.133 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=36960 DF PROTO=TCP SPT=36248 DPT=80 WINDOW=6528 RES=0x00 ACK FIN URGP=0
Aug 17 12:09:46 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=200.183.155.133 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=23922 DF PROTO=TCP SPT=36253 DPT=80 WINDOW=4356 RES=0x00 ACK FIN URGP=0
Aug 17 12:11:06 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=200.183.155.133 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=36962 DF PROTO=TCP SPT=36248 DPT=80 WINDOW=6528 RES=0x00 ACK FIN URGP=0
Aug 17 12:11:12 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=200.183.155.133 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=23924 DF PROTO=TCP SPT=36253 DPT=80 WINDOW=4356 RES=0x00 ACK FIN URGP=0
Aug 17 12:11:26 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.187.99 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=24327 DF PROTO=TCP SPT=34646 DPT=80 WINDOW=8576 RES=0x00 ACK FIN URGP=0
Aug 17 12:11:33 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.169.99 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=10472 DF PROTO=TCP SPT=55675 DPT=80 WINDOW=25740 RES=0x00 ACK FIN URGP=0
Aug 17 12:12:47 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.187.99 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=24329 DF PROTO=TCP SPT=34646 DPT=80 WINDOW=8576 RES=0x00 ACK FIN URGP=0
Aug 17 12:13:00 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=64.233.169.99 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=10474 DF PROTO=TCP SPT=55675 DPT=80 WINDOW=25740 RES=0x00 ACK FIN URGP=0
Aug 17 12:13:26 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.164 DST=200.183.155.133 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=9988 DF PROTO=TCP SPT=36249 DPT=80 WINDOW=4356 RES=0x00 ACK FIN URGP=0
Aug 17 12:14:14 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.118 DST=65.54.195.185 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10133 DF PROTO=TCP SPT=3995 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 17 12:14:14 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.118 DST=65.54.195.185 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10134 DF PROTO=TCP SPT=3994 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 17 12:45:35 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=65.54.183.202 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3347 DF PROTO=TCP SPT=36747 DPT=80 WINDOW=2908 RES=0x00 ACK FIN URGP=0
Aug 17 12:46:26 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=207.46.216.60 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=25969 DF PROTO=TCP SPT=48334 DPT=80 WINDOW=1728 RES=0x00 ACK FIN URGP=0
Aug 17 12:46:53 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=207.46.216.60 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=6052 DF PROTO=TCP SPT=48346 DPT=80 WINDOW=1728 RES=0x00 ACK FIN URGP=0
Aug 17 12:47:03 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=65.54.183.202 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3349 DF PROTO=TCP SPT=36747 DPT=80 WINDOW=2908 RES=0x00 ACK FIN URGP=0
Aug 17 12:47:24 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=64.4.33.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=39132 DF PROTO=TCP SPT=53440 DPT=80 WINDOW=2032 RES=0x00 ACK FIN URGP=0
Aug 17 12:47:25 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=65.54.179.192 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=65300 DF PROTO=TCP SPT=37951 DPT=80 WINDOW=2184 RES=0x00 ACK FIN URGP=0
Aug 17 12:48:16 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=207.46.216.60 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=25971 DF PROTO=TCP SPT=48334 DPT=80 WINDOW=1728 RES=0x00 ACK FIN URGP=0
Aug 17 12:48:29 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=207.46.216.60 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=6054 DF PROTO=TCP SPT=48346 DPT=80 WINDOW=1728 RES=0x00 ACK FIN URGP=0
Aug 17 12:49:03 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=65.54.179.192 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=65302 DF PROTO=TCP SPT=37951 DPT=80 WINDOW=2184 RES=0x00 ACK FIN URGP=0
Aug 17 12:49:18 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=64.4.33.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=39134 DF PROTO=TCP SPT=53440 DPT=80 WINDOW=2032 RES=0x00 ACK FIN URGP=0
Aug 17 13:13:38 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.126 DST=198.81.200.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=8474 DF PROTO=TCP SPT=1344 DPT=80 WINDOW=8235 RES=0x00 ACK FIN URGP=0
Aug 17 13:35:44 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.126 DST=198.81.200.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=45853 DF PROTO=TCP SPT=1319 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Aug 17 13:37:39 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=198.81.200.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=9156 DF PROTO=TCP SPT=48914 DPT=80 WINDOW=11680 RES=0x00 ACK FIN URGP=0
Aug 17 13:39:25 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.126 DST=198.81.200.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=26143 DF PROTO=TCP SPT=1450 DPT=80 WINDOW=8327 RES=0x00 ACK FIN URGP=0
Aug 17 13:39:37 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.162 DST=198.81.200.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=9158 DF PROTO=TCP SPT=48914 DPT=80 WINDOW=11680 RES=0x00 ACK FIN URGP=0
Aug 17 13:51:31 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.126 DST=198.81.200.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=34592 DF PROTO=TCP SPT=1439 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Aug 17 14:15:23 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1668 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0
Aug 17 14:15:37 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1703 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0
Aug 17 14:15:57 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1754 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0
Aug 17 16:03:30 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.118 DST=192.150.18.61 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4892 DF PROTO=TCP SPT=3121 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 17 17:34:36 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.118 DST=65.54.195.185 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=26915 DF PROTO=TCP SPT=1069 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 17 17:34:36 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.118 DST=65.54.195.185 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=26916 DF PROTO=TCP SPT=1070 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 17 19:57:45 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.112 DST=64.152.73.236 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=41636 DF PROTO=TCP SPT=1041 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 17 20:06:43 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=140.105.16.157 LEN=72 TOS=0x00 PREC=0x00 TTL=63 ID=16578 DF PROTO=TCP SPT=41580 DPT=80 WINDOW=431 RES=0x00 ACK FIN URGP=0
Aug 17 20:08:00 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=140.105.16.157 LEN=72 TOS=0x00 PREC=0x00 TTL=63 ID=16579 DF PROTO=TCP SPT=41580 DPT=80 WINDOW=431 RES=0x00 ACK FIN URGP=0
Aug 17 20:11:23 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26895 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 17 20:11:24 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26897 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 17 20:11:27 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26899 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 17 20:11:32 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26901 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 17 20:11:42 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26903 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 17 20:12:02 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26905 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 17 20:12:42 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26907 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Aug 17 20:14:01 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.150 DST=64.233.161.104 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=26909 DF PROTO=TCP SPT=15116 DPT=443 WINDOW=5840 RES=0x00 ACK FIN URGP=0


blackhole54 08-20-2006 12:32 AM

Quote:

Originally Posted by heberrdacruz
I have listed below all the FORWARD drops from yesterday, which again I don't understand.

I don't know what is going on either, but I do have some observations about the dropped packets on the FORWARD chain.

There were two packets which both entered and exited on eth0 when the address would indicate it should come in on eth1:

Code:

Aug 17 11:04:40 newton kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.168.30.108 DST=200.17.114.40 LEN=105 TOS=0x00 PREC=0x00 TTL=127 ID=6300 PROTO=UDP SPT=1588 DPT=53 LEN=85
Aug 17 11:13:24 newton kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.168.30.92 DST=65.54.179.228 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=39322 DF PROTO=TCP SPT=48758 DPT=443 WINDOW=2573 RES=0x00 ACK FIN URGP=0

Of the others, most have the ACK and FIN flags set, and except for three packets, all of the rest have the RST (reset) flag set, either with or without the ACK flag set.

The three that don't meet any of the above criteria are:

Code:

Aug 17 14:15:23 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1668 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0
Aug 17 14:15:37 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1703 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0
Aug 17 14:15:57 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1754 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0

Win32sux and I previously debated a situation with the FIN and ACK flags set. I don't think we came to any definitive decision. But both the FIN flag and RST flag have to do with a connection shutting down one way or the other. Maybe somebody else viewing this thread can come up with an explanation.

Also, heberrdacruz, I don't know how much you know about the tools in the Unix world, so forgive me if you already know this, but the grep command can come in quite handy in sorting through data like this.

EDIT: ipchains had the ability to adjust the timing parameters used in MASQueraded connections. I am unaware of any such ability in iptables to adjust the timing parameters for MASQUERADEd or SNATed connections. Does anybody know if there is a way to do that and whether it might have any bearing on the situation described here?
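
An added example (not written by any poster in this thread) that does mechanically the sorting the last post does by hand: it tags each netfilter LOG line as same-interface, TCP teardown (FIN or RST) or other, counts each group, and prints the lines that fit none of the first two groups. The sample lines, the host name `gw` and the function names are constructed for illustration; the field layout is the one in the log posted above.

```shell
#!/bin/sh
# Added example: triage netfilter LOG lines such as the "FORWARD DROP:" entries above.

TAB=$(printf '\t')

# Constructed sample input (documentation addresses, hypothetical host "gw").
sample_log() {
cat <<'EOF'
Aug 17 05:18:20 gw kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.0.2.16 DST=198.51.100.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54593 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 09:36:42 gw kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.0.2.14 DST=198.51.100.66 LEN=545 TOS=0x00 PREC=0x00 TTL=63 ID=40950 DF PROTO=TCP SPT=50053 DPT=80 WINDOW=5840 RES=0x00 ACK PSH FIN URGP=0
Aug 17 09:42:02 gw kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.0.2.126 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=20739 DF PROTO=TCP SPT=1053 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Aug 17 10:01:07 gw sshd[2211]: constructed noise line that is not a firewall entry
Aug 17 11:04:40 gw kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.0.2.108 DST=203.0.113.40 LEN=105 TOS=0x00 PREC=0x00 TTL=127 ID=6300 PROTO=UDP SPT=1588 DPT=53 LEN=85
Aug 17 11:13:24 gw kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.0.2.92 DST=198.51.100.228 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=39322 DF PROTO=TCP SPT=48758 DPT=443 WINDOW=2573 RES=0x00 ACK FIN URGP=0
Aug 17 12:14:14 gw kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.0.2.118 DST=198.51.100.185 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10133 DF PROTO=TCP SPT=3995 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 17 14:15:23 gw kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.0.2.136 DST=198.51.100.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1668 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0
EOF
}

# stdin: syslog lines; stdout: "<category><TAB><original line>" for each LOG entry.
tag_drops() {
    awk '
    / IN=[^ ]* OUT=/ {
        in_if = ""; out_if = ""; proto = ""; flags = ""; grab = 0
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^IN=/)    in_if  = substr($i, 4)
            else if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            else if ($i ~ /^RES=/)   grab = 1    # TCP flag names follow RES=
            else if ($i ~ /^URGP=/)  grab = 0    # and stop at URGP=
            else if (grab)           flags = (flags == "" ? $i : flags "+" $i)
        }
        # Same interface in and out is checked first: it is odd whatever the flags are.
        if (in_if != "" && in_if == out_if) kind = "same-interface(" in_if ")"
        else if (proto == "")    kind = "unparsed"
        else if (proto != "TCP") kind = proto
        else if (flags ~ /RST/)  kind = "TCP teardown (RST)"
        else if (flags ~ /FIN/)  kind = "TCP teardown (FIN)"
        else                     kind = "TCP other [" flags "]"
        print kind "\t" $0
    }'
}

# stdin: syslog lines; stdout: "<count><TAB><category>", largest group first.
summarize_drops() {
    tag_drops | cut -f1 |
        awk '{ n[$0]++ } END { for (k in n) printf "%d\t%s\n", n[k], k }' |
        LC_ALL=C sort -t "$TAB" -k1,1nr -k2,2
}

# stdin: syslog lines; stdout: original lines that are neither connection
# teardown nor same-interface, i.e. the ones still needing an explanation.
unexplained_drops() {
    tag_drops | grep -v -e '^TCP teardown' -e '^same-interface' | cut -f2-
}

sample_log | summarize_drops
sample_log | unexplained_drops
```

On a real system, feed the functions the kernel log instead of `sample_log`, for example `grep 'FORWARD DROP' /var/log/messages | summarize_drops`.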

