From owner-freebsd-questions@FreeBSD.ORG  Wed Apr 13 20:59:40 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B2F2F16A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 13 Apr 2005 20:59:40 +0000 (GMT)
Received: from mail.nativenerds.com (host-70-0-111-24.midco.net [24.111.0.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 117D443D54
	for <freebsd-questions@freebsd.org>;
	Wed, 13 Apr 2005 20:59:40 +0000 (GMT)
	(envelope-from estover@nativenerds.com)
Received: from red (host-14-37-230-24.midco.net [24.230.37.14])
	j3DLClWl034241;	Wed, 13 Apr 2005 15:12:47 -0600 (MDT)
	(envelope-from estover@nativenerds.com)
From: Ed Stover <estover@nativenerds.com>
To: bob@a1poweruser.com
In-Reply-To: <MIEPLLIBMLEEABPDBIEGKEBDHEAA.bob@a1poweruser.com>
References: <MIEPLLIBMLEEABPDBIEGKEBDHEAA.bob@a1poweruser.com>
Content-Type: text/plain
Organization: Native Nerds
Date: Wed, 13 Apr 2005 15:00:14 -0600
Message-Id: <1113426014.91701.18.camel@red.nativenerds.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.nativenerds.com
cc: sergei@gnezdov.net
cc: freebsd-questions@freebsd.org
Subject: RE: How to interpret ipfw log?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: estover@nativenerds.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Apr 2005 20:59:40 -0000

On Tue, 2005-04-12 at 23:28 -0400, bob@a1poweruser.com wrote:
> Your ipfw rule 2500 is denying those outbound packets
> 192.168.0.200:65117  is your ip address: port number
> 65.87.165.45:5800 is the remote target ip address and port number
> and this is leaving your pc on NIC  named tx0
> 
> 
> 
> 
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Sergei
> Gnezdov
> Sent: Tuesday, April 12, 2005 11:08 PM
> To: freebsd-questions@freebsd.org
> Subject: How to interpret ipfw log?
> 
> The following firewall log seems to make very little sense to me.
> What could it possibly mean?
> 
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117
> 65.87.165.45:5800 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761
> 65.87.165.45:1003 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116
> 65.87.165.45:1362 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055
> 65.87.165.45:6101 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352
> 65.87.165.45:888 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272
> 65.87.165.45:969 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267
> 65.87.165.45:471 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164
> 65.87.165.45:1496 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306
> 65.87.165.45:5716 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970
> 65.87.165.45:281 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115
> 65.87.165.45:106 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007
> 65.87.165.45:284 out via tx0
> 
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
> 
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
looks like nmap ;)