[CS-FSLUG] Firewall fights
Ed Hurst
ehurst at asisaid.com
Wed Jan 25 10:05:35 CST 2006
Tim Young wrote:
> I know this is a strange question, but could you paste a
> /var/log/messages snippet of the packets in question that you are
> blocking? I could translate what you are saying a few ways, so before I
> make a fool of myself answering with what I suspect, I thought I would
> verify I have read your email correctly.
Sure. I'm quite certain I make a fool of myself to some degree in this
whole thread, and I've gotten used to it :-)
This one represents my frustration with firestarter. If I understand the
interface correctly, it was supposed to be allowing "time-exceeded"
pings (type 3?), yet there are quite a few of these:
Jan 25 09:48:29 krunch kernel: Inbound IN=lan0 OUT=
MAC=00:40:2b:38:4d:21:00:12:88:8d:2a:71:08:00 SRC=192.168.1.254
DST=192.168.1.65 LEN=112 TOS=0x00 PREC=0x00 TTL=255 ID=50383 DF
PROTO=ICMP TYPE=3 CODE=4 [SRC=192.168.1.65 DST=208.179.186.7 LEN=1500
TOS=0x00 PREC=0x00 TTL=63 ID=53701 DF PROTO=TCP SPT=35462 DPT=80
WINDOW=6432 RES=0x00 ACK URGP=0 ] MTU=1492
The source (192.168.1.254) is my DNS server. This sort of thing is why I
turned off firestarter.
------------
This is a sample from the Quicktables script I posted earlier:
Jan 24 11:00:12 krunch kernel: tcp connection: IN=lan0 OUT=
MAC=00:40:2b:38:4d:21:00:12:88:8d:2a:71:08:00 SRC=64.66.170.95
DST=192.168.1.65 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=8 DF PROTO=TCP
SPT=80 DPT=43456 WINDOW=0 RES=0x00 ACK RST URGP=0
The website I visited is sending me an "ack rst" and these appear
unanimously blocked. During such blockage, service was a bit slower than
normal for this machine only.
--
Ed Hurst
----------
Bible Application - http://ed.asisaid.com/bible/index.html
Plain & Simple Computer Help - http://ed.asisaid.com/
Mission, Method & Means - http://ed.asisaid.com/blog/