View Full Version : [ubuntu] Can't explain some BLOCK FORWARD log messages

April 28th, 2008, 07:47 PM
I'm using ufw to configure ubuntu 8.04 server as a router w/ IP Masquerade per http://doc.ubuntu.com/ubuntu/serverguide/C/firewall.html. All works well, but I see quite a few BLOCK FORWARD log messages that I don't expect/can't explain. The two below cite port 2223 from an inside machine ( to the IP of a hosted server of mine ( Port 2223 is a valid service port on and the traffic seems to flow just fine from the client side.

If I didn't notice the log messages, I wouldn't know any packets were being dropped. But why are packets being dropped at all? The connection is open over a long period and the messages are consistent, 1-3 such log messages per minute. I see similar BLOCKs for some port 80 traffic, too.

Can anyone help explain, or suggest further investigation as to why?

Apr 28 11:13:13 bolet kernel: [79716.969503] [UFW BLOCK FORWARD]: IN=eth1 OUT=eth0 SRC= DST= LEN=52 TOS=0x00 PREC=0x20 TTL=49 ID=18291 DF PROTO=TCP SPT=2223 DPT=3029 WINDOW=13464 RES=0x00 ACK PSH URGP=0
Apr 28 11:13:31 bolet kernel: [79735.186914] [UFW BLOCK FORWARD]: IN=eth0 OUT=eth1 SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=40375 DF PROTO=TCP SPT=3029 DPT=2223 WINDOW=65535 RES=0x00 ACK URGP=0

My /etc/ufw/before.rules is attached, which should be stock plus the IP Masquerade rules.