Artemus
07-05-2012 09:58 AM
What is my firewall blocking? (maybe ipsec-tools and/or nfsv4 related?)
I have two Ubuntu 12.04 LTS boxes acting as gateways that also join two LANs using an ipsec tunnel. The details are:
Gateway 1:
LAN: 10.56.182.0/24
LAN IP: 10.56.182.1
WAN IP: xxx.yyy.68.11
ip route add 10.56.183.0/24 via xxx.yyy.68.11 src 10.56.182.1
is run on boot from /etc/rc.local
Gateway 2:
LAN: 10.56.183.0/24
LAN IP: 10.56.183.1
WAN IP: xxx.yyy.68.30
ip route add 10.56.182.0/24 via xxx.yyy.68.30 src 10.56.183.1
is run on boot from /etc/rc.local
Filesystems on each gateway are mounted on the other gateway using nfsv4, mounted through the tunnel. That is, the filesystem on Gateway 1 is exported to 10.56.183.1 and is mounted on Gateway 2 from 10.56.182.1. This seems to work fine for the most part. However, periodically I find the following in the UFW firewall log on Gateway 2:
Code:
Jul 5 01:01:02 calvin kernel: [230584.711633] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=106 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:01:03 calvin kernel: [230585.710517] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=107 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:01:05 calvin kernel: [230587.714504] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=108 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:01:09 calvin kernel: [230591.726522] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=109 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:01:17 calvin kernel: [230599.742525] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=110 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:01:33 calvin kernel: [230615.774530] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=111 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:04:20 calvin kernel: [230782.072824] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58454 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:04:21 calvin kernel: [230783.070748] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58455 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:23 calvin kernel: [230785.072453] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58456 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:27 calvin kernel: [230789.086472] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58457 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:29 calvin kernel: [230791.452089] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55852 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:30 calvin kernel: [230792.448800] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55853 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:32 calvin kernel: [230794.456101] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55854 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:35 calvin kernel: [230797.102949] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58458 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:36 calvin kernel: [230798.460959] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55855 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:44 calvin kernel: [230806.468807] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55856 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:04:51 calvin kernel: [230813.118755] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58459 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:05:00 calvin kernel: [230822.501109] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55857 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:06:44 calvin kernel: [230926.082700] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23222 DF PROTO=TCP SPT=978 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul 5 01:09:01 calvin kernel: [231063.802816] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57878 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:09:02 calvin kernel: [231064.802468] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57879 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:09:04 calvin kernel: [231066.806477] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57880 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 01:09:32 calvin kernel: [231094.846470] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57883 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 07:30:01 calvin kernel: [253923.840688] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37181 DF PROTO=TCP SPT=844 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 5 07:30:02 calvin kernel: [253924.838090] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37182 DF PROTO=TCP SPT=844 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
It seems to be related to accessing one of the filesystems through nfsv4. I have all access through the tunnels opened and esp, ah, and udp 500 port open between the gateways. On Gateway 2:
$ sudo ufw status
[sudo] password for Artemus:
Status: active
To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       10.56.0.0/16
Anywhere                   ALLOW       xxx.yyy.68.11/esp
Anywhere                   ALLOW       xxx.yyy.68.11/ah
Anywhere                   ALLOW       xxx.yyy.68.11 500/udp
Does anyone have any idea what is being blocked by the firewall?
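Added example, not part of the original post: a small Python script that groups [UFW BLOCK] entries by flow and checks each blocked packet against the allow rules listed in the `ufw status` output above. The log lines and MAC are constructed, the redacted WAN addresses are replaced by documentation addresses (203.0.113.11 and 203.0.113.30), and the rule table is a hand-written mirror of the four rules shown, not something read from ufw.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the same format as the log above (addresses are placeholders).
SAMPLE_LOG = """\
Jul  5 01:01:02 calvin kernel: [230584.7] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.11 DST=203.0.113.30 LEN=60 TTL=64 ID=106 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:04:20 calvin kernel: [230782.0] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.11 DST=203.0.113.30 LEN=60 TTL=64 ID=58454 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:04:29 calvin kernel: [230791.4] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.11 DST=203.0.113.30 LEN=60 TTL=63 ID=55852 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
"""

# Assumed mirror of the allow rules: (source network, protocol, port).
ALLOW_RULES = [
    ("10.56.0.0/16", None, None),      # anything from the tunnelled LANs
    ("203.0.113.11/32", "ESP", None),  # IPsec ESP from the peer gateway
    ("203.0.113.11/32", "AH", None),   # IPsec AH from the peer gateway
    ("203.0.113.11/32", "UDP", 500),   # IKE from the peer gateway
]

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_blocks(text):
    """Yield the KEY=value fields of every [UFW BLOCK] line as a dict."""
    for line in text.splitlines():
        if "[UFW BLOCK]" in line:
            yield dict(FIELD.findall(line))

def matching_rule(pkt):
    """Return the first allow rule covering the packet, or None if none does."""
    src = ipaddress.ip_address(pkt["SRC"])
    for net, proto, port in ALLOW_RULES:
        if src not in ipaddress.ip_network(net):
            continue
        if proto is not None and proto != pkt["PROTO"]:
            continue
        if port is not None and str(port) != pkt.get("DPT"):
            continue
        return (net, proto, port)
    return None

def summarize(text):
    """Count blocked packets per (SRC, DST, PROTO, DPT) flow."""
    return Counter((p["SRC"], p["DST"], p["PROTO"], p.get("DPT"))
                   for p in parse_blocks(text))

if __name__ == "__main__":
    for flow, count in summarize(SAMPLE_LOG).items():
        print(count, flow)
    for pkt in parse_blocks(SAMPLE_LOG):
        print(pkt["SRC"], pkt["PROTO"], pkt["DPT"], "->", matching_rule(pkt))
```

Every sample packet carries the WAN address as SRC with PROTO=TCP, so none of the four rules covers it; the same TCP packet with a 10.56.x.x source would match the first rule.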