Results 1 to 1 of 1

Thread: Can't explain some BLOCK FORWARD log messages

  1. #1

    Question Can't explain some BLOCK FORWARD log messages

    I'm using ufw to configure ubuntu 8.04 server as a router w/ IP Masquerade per http://doc.ubuntu.com/ubuntu/serverg.../firewall.html. All works well, but I see quite a few BLOCK FORWARD log messages that I don't expect/can't explain. The two below cite port 2223 from an inside machine (192.168.1.159) to the IP of a hosted server of mine (65.111.165.123). Port 2223 is a valid service port on 65.111.165.123 and the traffic seems to flow just fine from the client side.

    If I didn't notice the log messages, I wouldn't know any packets were being dropped. But why are packets being dropped at all? The connection is open over a long period and the messages are consistent, 1-3 such log messages per minute. I see similar BLOCKs for some port 80 traffic, too.

    Can anyone help explain, or suggest further investigation as to why?

    Apr 28 11:13:13 bolet kernel: [79716.969503] [UFW BLOCK FORWARD]: IN=eth1 OUT=eth0 SRC=65.111.165.123 DST=192.168.1.159 LEN=52 TOS=0x00 PREC=0x20 TTL=49 ID=18291 DF PROTO=TCP SPT=2223 DPT=3029 WINDOW=13464 RES=0x00 ACK PSH URGP=0
    Apr 28 11:13:31 bolet kernel: [79735.186914] [UFW BLOCK FORWARD]: IN=eth0 OUT=eth1 SRC=192.168.1.159 DST=65.111.165.123 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=40375 DF PROTO=TCP SPT=3029 DPT=2223 WINDOW=65535 RES=0x00 ACK URGP=0

    My /etc/ufw/before.rules is attached, which should be stock plus the IP Masquerade rules.
    Attached Files Attached Files

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •