LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page iptables question
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-19-2014, 07:33 AM   #1
vagmor
LQ Newbie
 
Registered: Aug 2014
Posts: 3

Rep: Reputation: Disabled
iptables question

Hello to all
First time write to this forum allthough it has helped a lot in the past
i have a linuxbox as a router with 2 adsl lines and i have amongst others a web server somewhere in my lan. i have iptables as drop everything and allow specific rules. i "ACCEPT" and "FORWARD" the port 80 but from time to time get this to my log

Code:
Aug 19 15:09:05 gateway kernel: [3176747.445539] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.246.213 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=26925 DF PROTO=TCP SPT=59268 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:09:43 gateway kernel: [3176785.291293] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.245.184 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=43030 DF PROTO=TCP SPT=47741 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:10:01 gateway kernel: [3176802.889644] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.53.187 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=53 ID=46290 DF PROTO=TCP SPT=23053 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:11:04 gateway kernel: [3176866.221187] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=141.101.97.149 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=55164 DF PROTO=TCP SPT=14176 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:11:19 gateway kernel: [3176880.730061] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=23.89.101.186 DST=192.168.0.44 LEN=48 TOS=0x08 PREC=0x00 TTL=106 ID=21603 DF PROTO=TCP SPT=58515 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 
Aug 19 15:11:40 gateway kernel: [3176901.820095] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=76.164.225.75 DST=192.168.0.44 LEN=48 TOS=0x08 PREC=0x00 TTL=108 ID=30199 DF PROTO=TCP SPT=54250 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 
Aug 19 15:12:19 gateway kernel: [3176940.622944] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=119.46.110.17 DST=192.168.0.44 LEN=44 TOS=0x08 PREC=0x00 TTL=49 ID=11005 DF PROTO=TCP SPT=32870 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:13:51 gateway kernel: [3177033.281465] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.246.193 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=12564 DF PROTO=TCP SPT=35304 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:15:19 gateway kernel: [3177120.599942] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=108.162.246.214 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=46 ID=62887 DF PROTO=TCP SPT=39435 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:16:00 gateway kernel: [3177161.856085] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.55.164 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=11261 DF PROTO=TCP SPT=61476 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:17:23 gateway kernel: [3177244.598147] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.55.139 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=6505 DF PROTO=TCP SPT=30611 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:17:41 gateway kernel: [3177263.093519] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.136 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=16732 DF PROTO=TCP SPT=53272 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:18:39 gateway kernel: [3177320.570335] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.56.190 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=44563 DF PROTO=TCP SPT=9622 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:20:20 gateway kernel: [3177421.903144] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.142 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=9682 DF PROTO=TCP SPT=46045 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:21:26 gateway kernel: [3177487.787295] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.136 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=37178 DF PROTO=TCP SPT=47319 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:21:58 gateway kernel: [3177520.247764] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.136 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=977 DF PROTO=TCP SPT=27147 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:23:58 gateway kernel: [3177639.653435] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.49.160 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=49 ID=45508 DF PROTO=TCP SPT=16763 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 
Aug 19 15:24:23 gateway kernel: [3177664.858488] IPT FORWARD packet died: IN=eth2 OUT=eth0 MAC=00:13:8f:de:35:f2:00:12:ef:65:f9:7d:08:00 SRC=173.245.55.140 DST=192.168.0.44 LEN=52 TOS=0x08 PREC=0x00 TTL=48 ID=57140 DF PROTO=TCP SPT=18927 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
and from time to time i get a timeout error when visitting my webserver, can't figure out why packets die, the only weird thing is the mac adresses look suspicious
 
Old 08-20-2014, 04:19 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,138

Rep: Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263
What iptables prints calls MAC is actually the whole ethernet header
Code:
00:13:8f:de:35:f2 = dest MAC
00:12:ef:65:f9:7d = source MAC
08:00 = IPv4 protocol
 
Old 08-21-2014, 02:08 PM   #3
vagmor
LQ Newbie
 
Registered: Aug 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
hey
thanks for your replay
the real question is why are these packets dropped allthough I have accept them in firewall
thousands of other requests pass by firewall but these are dropped
at port 80 is my web server ...obviously :P
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables question sang_froid Linux - Security 5 10-09-2009 03:17 AM
question in iptables Rasees Linux - Networking 1 03-20-2009 10:01 PM
Iptables question Hammett Linux - Networking 8 09-09-2007 06:38 PM
Iptables Question? unixfreak Linux - Security 1 09-01-2004 08:23 PM
IPtables Question jacovds Linux - Security 10 11-17-2003 09:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:20 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration