confused about a specific log

Hello,

I'm a little confused with something I've noticed in my logs. Basically, I don't understand why the following is being logged:

Sep 11 00:25:53 boden kernel: IN=eth2 OUT=eth0 SRC=192.168.0.2 DST=66.77.124.62 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=13002 DF PROTO=TCP SPT=81 DPT=8252 WINDOW=16160 RES=0x00 ACK URGP=0 

To start, I have set up a DMZ with a web server running on port 81 with an IP of 192.168.0.2, and it seems to be working great. I can connect to the server from my LAN and from the internet, and there don't seem to be any problems.

With regard to the above log, the noted destination IP is my work address. So when I'm there, I can connect to my server on my DMZ and everything seems fine. I'm not getting any errors or anything. So that's why I'm confused. Why is the above ACK packet getting dropped when by all accounts everything seems to be working correctly? Furthermore, from what I can gather, I've set my FORWARD policies correctly. So why is the above ACK getting dropped at all? Is this a problem that I need to worry about?

Shouldn't the following Forward rule cover the above packet:

6 8210 6044K ACCEPT tcp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:81 state ESTABLISHED 

Here are my iptables rules:

Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination 
1 4 296 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 
2 0 0 DROPLOG all -- eth0 * 192.168.1.0/24 0.0.0.0/0 
3 0 0 DROPLOG all -- eth0 * 192.168.0.0/24 0.0.0.0/0 
4 0 0 DROPLOG all -- eth0 * 127.0.0.0/8 0.0.0.0/0 
5 136 6478 ACCEPT tcp -- eth1 * 192.168.1.0/24 0.0.0.0/0 
6 0 0 ACCEPT tcp -- eth2 * 192.168.0.0/24 0.0.0.0/0 
7 0 0 ACCEPT icmp -- eth1 * 192.168.1.0/24 0.0.0.0/0 
8 0 0 ACCEPT icmp -- eth2 * 192.168.0.0/24 0.0.0.0/0 
9 9 412 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW,ESTABLISHED 
10 14072 1436K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,RELATED,ESTABLISHED 
11 54 8922 ACCEPT all -- eth0 * 0.0.0.0/0 xxx.xxx.xxx.xxx state RELATED,ESTABLISHED 
12 677 92464 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 
13 515 35571 DROPLOG all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination 
1 0 0 ACCEPT icmp -- eth2 eth1 192.168.0.0/24 192.168.1.0/24 
2 0 0 ACCEPT icmp -- eth1 eth2 192.168.1.0/24 192.168.0.0/24 
3 7690 2386K ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 
4 7357 424K ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 
5 8260 948K ACCEPT tcp -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 tcp dpt:81 state NEW,ESTABLISHED 
6 8210 6044K ACCEPT tcp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:81 state ESTABLISHED 
7 1899 166K ACCEPT tcp -- eth1 eth2 0.0.0.0/0 0.0.0.0/0 tcp dpt:81 state NEW,ESTABLISHED 
8 1799 1328K ACCEPT tcp -- eth2 eth1 0.0.0.0/0 0.0.0.0/0 tcp spt:81 state ESTABLISHED 
9 103 12036 ACCEPT tcp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED 
10 95 72114 ACCEPT tcp -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED 
11 0 0 ACCEPT tcp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW,RELATED,ESTABLISHED 
12 0 0 ACCEPT tcp -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 tcp spt:21 state RELATED,ESTABLISHED 
13 0 0 ACCEPT tcp -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 tcp spt:443 state RELATED,ESTABLISHED 
14 0 0 ACCEPT tcp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW,RELATED,ESTABLISHED 
15 9 553 ACCEPT udp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED udp dpt:53 
16 9 1317 ACCEPT udp -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED udp spt:53 
17 1 76 ACCEPT udp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW,ESTABLISHED 
18 1 76 ACCEPT udp -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED 
19 22 14992 DROPLOG all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination 
1 4 296 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 
2 0 0 ACCEPT icmp -- * eth1 0.0.0.0/0 192.168.1.0/24 
3 0 0 ACCEPT icmp -- * eth2 0.0.0.0/0 192.168.0.0/24 
4 0 0 DROPLOG all -- * eth0 0.0.0.0 192.168.1.0/24 
5 0 0 DROPLOG all -- * eth0 0.0.0.0 192.168.0.0/24 
6 0 0 DROPLOG all -- * eth0 0.0.0.0 127.0.0.0/8 
7 149 15331 ACCEPT all -- * eth1 xxx.xxx.xxx.xxx 192.168.1.0/24 
8 0 0 ACCEPT tcp -- * eth2 xxx.xxx.xxx.xxx 192.168.0.0/24 tcp spt:80 
9 17763 16M ACCEPT all -- * eth0 xxx.xxx.xxx.xxx 0.0.0.0/0 
10 0 0 ACCEPT tcp -- * eth2 192.168.0.1 192.168.0.2 tcp dpt:81 
11 0 0 ACCEPT tcp -- * eth1 192.168.1.1 255.255.255.255 tcp spt:67 dpt:68 
12 0 0 ACCEPT udp -- * eth1 192.168.1.1 255.255.255.255 udp spt:67 dpt:68 
13 0 0 ACCEPT udp -- * eth1 192.168.1.1 192.168.1.0/24 udp spt:67 dpt:68 
14 0 0 ACCEPT tcp -- * eth1 192.168.1.1 192.168.1.120 tcp dpt:9100 
15 0 0 DROPLOG all -- * * !xxx.xxx.xxx.xxx 0.0.0.0/0 

Chain DROPLOG (9 references)
num pkts bytes target prot opt in out source destination 
1 537 50563 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 
2 537 50563 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 




Thanks a bunch. 

Mike
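One way to reason about the question above, as an added example that is not part of the original post: parse the kernel LOG line into its fields and run it through a hypothetical, simplified model of the eth2->eth0 TCP rules in the FORWARD chain shown. The LOG line never records the conntrack state, and rule 6 only matches when conntrack classifies the packet as ESTABLISHED; a bare ACK that belongs to no tracked connection (for example after the connection entry has timed out) is classified NEW or INVALID, so it falls through to the catch-all DROPLOG rule 19. The rule subset, the `parse_nf_log`, `first_match` and `classify` functions, and the `ct_state` parameter are all assumptions of this example.

```python
# Constructed sample: the LOG line quoted in the post (ACK set, SYN clear).
LOG_LINE = ("Sep 11 00:25:53 boden kernel: IN=eth2 OUT=eth0 SRC=192.168.0.2 "
            "DST=66.77.124.62 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=13002 DF "
            "PROTO=TCP SPT=81 DPT=8252 WINDOW=16160 RES=0x00 ACK URGP=0")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_nf_log(line):
    """Split a netfilter LOG line into KEY=VALUE fields plus a set of TCP flags."""
    body = line.split("kernel:", 1)[1]
    fields, flags = {}, set()
    for tok in body.split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        elif tok in TCP_FLAGS:
            flags.add(tok)
    fields["flags"] = flags
    return fields

# Hypothetical model of only the eth2->eth0 TCP rules from the post's FORWARD
# chain (a subset). Each entry: (rule number, target, match dict); 'states' is
# the conntrack --state set the rule requires.
FORWARD_RULES = [
    (6,  "ACCEPT",  {"IN": "eth2", "OUT": "eth0", "PROTO": "TCP", "SPT": "81",
                     "states": {"ESTABLISHED"}}),
    (9,  "ACCEPT",  {"IN": "eth2", "OUT": "eth0", "PROTO": "TCP", "DPT": "80",
                     "states": {"NEW", "ESTABLISHED"}}),
    (14, "ACCEPT",  {"IN": "eth2", "OUT": "eth0", "PROTO": "TCP", "DPT": "443",
                     "states": {"NEW", "RELATED", "ESTABLISHED"}}),
    (19, "DROPLOG", {}),  # catch-all: LOG then DROP
]

def first_match(pkt, ct_state, rules=FORWARD_RULES):
    """Return (rule number, target) of the first rule the packet matches.
    ct_state is the conntrack state, which the LOG line itself never shows."""
    for num, target, match in rules:
        header_ok = all(pkt.get(k) == v for k, v in match.items() if k != "states")
        state_ok = "states" not in match or ct_state in match["states"]
        if header_ok and state_ok:
            return num, target
    return None

def classify(line, ct_state):
    """Parse a LOG line and report which modelled FORWARD rule would take it."""
    return first_match(parse_nf_log(line), ct_state)
```

Because DROPLOG logs with no --log-prefix, the line does not even say which chain dropped it; this model assumes FORWARD because both IN and OUT are set, which is only true for forwarded traffic. Adding a distinct prefix to each DROPLOG-style LOG rule, and checking the conntrack table at the time of the drop, is how you confirm the state in practice.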
