LinuxQuestions.org


vagmor 08-19-2014 07:33 AM

iptables question
 
Hello to all,
This is my first time writing to this forum, although it has helped a lot in the past.
I have a Linux box as a router with 2 ADSL lines, and I have, amongst others, a web server somewhere in my LAN. I have iptables set to drop everything and allow specific rules. I "ACCEPT" and "FORWARD" port 80, but from time to time I get this in my log:

Code:

Aug 19 15:09:05 gateway kernel: [3176747.445539] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.246.213 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=26925 DF PROTO=TCP SPT=59268 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:09:43 gateway kernel: [3176785.291293] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.245.184 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=43030 DF PROTO=TCP SPT=47741 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:10:01 gateway kernel: [3176802.889644] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.53.187 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=53 ID=46290 DF PROTO=TCP SPT=23053 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:11:04 gateway kernel: [3176866.221187] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=141.101.97.149 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=55164 DF PROTO=TCP SPT=14176 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:11:19 gateway kernel: [3176880.730061] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=23.89.101.186 DST=192.168.0.44 LEN=48 TOS=0x08 PREC=0x00 TTL=106 ID=21603 DF PROTO=TCP SPT=58515 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 19 15:11:40 gateway kernel: [3176901.820095] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=76.164.225.75 DST=192.168.0.44 LEN=48 TOS=0x08 PREC=0x00 TTL=108 ID=30199 DF PROTO=TCP SPT=54250 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 19 15:12:19 gateway kernel: [3176940.622944] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=119.46.110.17 DST=192.168.0.44 LEN=44 TOS=0x08 PREC=0x00 TTL=49 ID=11005 DF PROTO=TCP SPT=32870 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:13:51 gateway kernel: [3177033.281465] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.246.193 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=12564 DF PROTO=TCP SPT=35304 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:15:19 gateway kernel: [3177120.599942] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.246.214 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=62887 DF PROTO=TCP SPT=39435 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:16:00 gateway kernel: [3177161.856085] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.55.164 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=11261 DF PROTO=TCP SPT=61476 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:17:23 gateway kernel: [3177244.598147] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.55.139 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=6505 DF PROTO=TCP SPT=30611 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:17:41 gateway kernel: [3177263.093519] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.136 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=16732 DF PROTO=TCP SPT=53272 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:18:39 gateway kernel: [3177320.570335] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.56.190 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=44563 DF PROTO=TCP SPT=9622 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:20:20 gateway kernel: [3177421.903144] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.142 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=9682 DF PROTO=TCP SPT=46045 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:21:26 gateway kernel: [3177487.787295] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.136 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=37178 DF PROTO=TCP SPT=47319 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:21:58 gateway kernel: [3177520.247764] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.136 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=977 DF PROTO=TCP SPT=27147 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:23:58 gateway kernel: [3177639.653435] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.160 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=45508 DF PROTO=TCP SPT=16763 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 19 15:24:23 gateway kernel: [3177664.858488] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.55.140 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=57140 DF PROTO=TCP SPT=18927 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0

And from time to time I get a timeout error when visiting my web server. I can't figure out why the packets die; the only weird thing is that the MAC addresses look suspicious.

smallpond 08-20-2014 04:19 PM

What iptables prints and calls MAC is actually the whole Ethernet header:
Code:

00:13:8f:de:35:f2 = dest MAC
00:12:ef:65:f9:7d = source MAC
08:00 = IPv4 protocol


vagmor 08-21-2014 02:08 PM

Hey,
thanks for your reply.
The real question is why these packets are dropped although I have accepted them in the firewall.
Thousands of other requests pass through the firewall, but these are dropped.
At port 80 is my web server ...obviously :P

