Date:      Wed, 30 Jun 2004 21:14:46 -0400
From:      m <m@telerama.com>
To:        <freebsd-ipfw@freebsd.org>
Subject:   IPFW doing some weird stuff.
Message-ID:  <BD08DDC6.5ADE%m@telerama.com>

I posted this to the FreeBSD general list and got no response.

I'm using FreeBSD 5.2.1 with IPFW2 as a firewall/router on a network.

I'm seeing some very strange things in the dynamic ruleset.  The last 4
entries in the list are the issues.  You can see that none of the information
in the last 4 dynamic rules makes any sense -- not the #/packets or bytes,
the rule #, or even the protocol.  The IP addresses referred to are not
local to any part of the network, and some aren't even listed in the
appropriate WHOIS database.

I'm totally lost on this.  Any help would be appreciated, including
suggestions as to how to generate better log information.  Nothing shows in
my logs, either.

Interestingly, these last (weird) rules appear & disappear at random
intervals, with different information each time -- different rule numbers
(but non-existent in my ruleset), different IPs, and different protocols.

host-64-179-35-23# ipfw -de show
00050      35654   14976392 divert 8668 ip from any to any via xl0
00100       2988    2071714 allow ip from 127.0.0.0/8 to 127.0.0.0/8
00200          0          0 deny ip from 127.0.0.0/8 to any
00300          0          0 deny ip from any to 127.0.0.0/8
00310          0          0 allow ip from 224.0.0.1 to any
00311        110       3960 allow ip from any to 224.0.0.1
00350          0          0 deny log argus from any to any
00351          0          0 deny log scps from any to any
00352          0          0 deny log igmp from any to any
00354          0          0 deny log netblt from any to any
00355          0          0 deny ip from 0.0.0.0 to any
00356          0          0 deny ip from any to 0.0.0.0
00357          0          0 deny ipv6-nonxt from any to any
00359          0          0 deny log trunk-2 from any to any
00360         99       6224 deny log icmp from any to any
00400        891     111330 allow ip from 205.201.9.0/24 to me setup keep-state
00410          0          0 allow ip from 151.201.141.231 to me setup keep-state
00420          0          0 deny ip from any to me dst-port 22
00450       1272     539440 allow ip from any to me dst-port 25 setup keep-state
00451        151      12032 allow ip from me to any dst-port 21 setup keep-state
00452          0          0 allow ip from me to any dst-port 20 setup keep-state
00453      11513    1798157 allow ip from me to any dst-port 80 setup keep-state
00454         11       1457 allow ip from me to any dst-port 443 setup keep-state
00455          0          0 allow ip from any 20 to me setup keep-state
00457          0          0 allow ip from me to any dst-port 22 setup keep-state
00458          0          0 allow ip from any 25 to me setup keep-state
00459          0          0 allow ip from any to me dst-port 80 setup keep-state
00498       2373     267409 allow ip from any to me
00499       6267    1635428 allow ip from me to any
00520          0          0 allow ip from 224.0.0.1 to any
00530          0          0 allow ip from any to 224.0.0.1
00800         11        739 allow udp from any to 207.69.188.200 dst-port 53
00810         22      10768 allow udp from 207.69.188.200 53 to any
00820        250      15731 allow udp from any to 64.65.223.6 dst-port 53
00830        498     141930 allow udp from 64.65.223.6 53 to any
00840         94       6784 allow udp from any to any dst-port 53
00841        122      36608 allow udp from any 53 to any
00850          0          0 allow ip from 255.255.255.255 to any
00860        232      70064 allow ip from any to 255.255.255.255
00998         82      18216 allow ip from 192.168.1.0/24 to 192.168.1.0/24 not via xl0
00999          0          0 check-state
01000          0          0 allow ip from any to 192.168.1.5 dst-port 25 setup keep-state
01010       1115     517038 allow ip from any to 192.168.1.5 dst-port 80 setup keep-state
01020          0          0 allow ip from any to 192.168.1.5 dst-port 2500 setup keep-state
01100        332      49019 allow ip from 192.168.1.5 to any dst-port 25 setup keep-state
01110       1177     978983 allow ip from 192.168.1.5 to any dst-port 80 setup keep-state
01115          0          0 allow ip from 192.168.1.5 to any dst-port 443 setup keep-state
01120          0          0 allow ip from 192.168.1.5 to any dst-port 21 setup keep-state
01125          0          0 allow ip from 192.168.1.5 to any dst-port 20 setup keep-state
01130          0          0 allow ip from 192.168.1.5 20 to any setup keep-state
01998         83       3704 deny log ip from 192.168.1.5 to any
01999         36       1440 deny log ip from any to 192.168.1.5
02010          0          0 allow ip from 192.168.1.0/24 to any dst-port 20 setup keep-state
02020      40906   23355938 allow ip from 192.168.1.0/24 to any dst-port 80 setup keep-state
02030         39      20505 allow ip from 192.168.1.0/24 to any dst-port 443 setup keep-state
02040          0          0 allow ip from 192.168.1.0/24 to any dst-port 21 setup keep-state
02050          0          0 allow ip from 192.168.1.0/24 20 to any setup keep-state
65000       1968     176664 deny log ip from any to any
65535          0          0 deny ip from any to any
## Dynamic rules (105):
02020         10       2859 (0s) STATE tcp 192.168.1.22 2943 <-> 65.54.194.59 80
01010        260     145073 (0s) STATE tcp 67.165.52.118 61735 <-> 192.168.1.5 80
01010         62      25228 (0s) STATE tcp 67.165.52.118 61734 <-> 192.168.1.5 80
00450         23       1680 (0s) STATE tcp 66.118.177.230 31470 <-> 64.179.35.23 25
01010        167      84950 (0s) STATE tcp 67.165.52.118 61739 <-> 192.168.1.5 80
01010         16       2474 (0s) STATE tcp 67.165.52.118 61737 <-> 192.168.1.5 80
00453         18       8792 (0s) STATE tcp 64.179.35.23 1369 <-> 63.111.24.21 80
01010          9       1148 (0s) STATE tcp 67.165.52.118 61743 <-> 192.168.1.5 80
02020        116      56383 (0s) STATE tcp 192.168.1.101 1388 <-> 64.65.208.72 80
02020         10       2210 (0s) STATE tcp 192.168.1.101 1382 <-> 64.65.208.71 80
02020         23      12664 (0s) STATE tcp 192.168.1.101 1384 <-> 64.65.208.72 80
02020         66      26546 (0s) STATE tcp 192.168.1.101 1386 <-> 64.65.208.72 80
00453          5        558 (0s) STATE tcp 64.179.35.23 1352 <-> 56.0.134.22 80
02020         30      10124 (0s) STATE tcp 192.168.1.101 1383 <-> 64.65.208.72 80
02020         19      10674 (0s) STATE tcp 192.168.1.101 1378 <-> 216.39.69.76 80
02020         87      83654 (0s) STATE tcp 192.168.1.22 2971 <-> 207.68.173.254 80
02020         33      16730 (0s) STATE tcp 192.168.1.22 2859 <-> 207.91.5.68 80
00453          4        597 (0s) STATE tcp 64.179.35.23 1376 <-> 216.73.86.13 80
02020         47      24913 (0s) STATE tcp 192.168.1.22 2857 <-> 207.91.5.68 80
00453         11        698 (0s) STATE tcp 64.179.35.23 2856 <-> 207.91.5.68 80
02020         10       2000 (0s) STATE tcp 192.168.1.22 2560 <-> 65.205.8.106 80
00453          5       1273 (0s) STATE tcp 64.179.35.23 1395 <-> 216.52.17.116 80
00453          6       1143 (0s) STATE tcp 64.179.35.23 1392 <-> 216.52.17.116 80
02020          8       1136 (0s) STATE tcp 192.168.1.22 2830 <-> 216.27.102.15 80
00453          5        968 (0s) STATE tcp 64.179.35.23 1372 <-> 206.65.183.80 80
02020         12       5126 (0s) STATE tcp 192.168.1.101 1313 <-> 64.65.208.71 80
00450          8        388 (0s) STATE tcp 208.17.205.133 1246 <-> 64.179.35.23 25
00400        890     111270 (300s) STATE tcp 205.201.9.222 56200 <-> 64.179.35.23 22
02020         12       1253 (0s) STATE tcp 192.168.1.101 1376 <-> 216.73.86.13 80
00453          4        592 (0s) STATE tcp 64.179.35.23 2777 <-> 143.231.86.196 80
02020         12       1342 (0s) STATE tcp 192.168.1.22 2777 <-> 143.231.86.196 80
00450         28       7929 (0s) STATE tcp 207.69.231.40 4731 <-> 64.179.35.23 25
00451         67       5443 (0s) STATE tcp 64.179.35.23 53377 <-> 205.201.9.227 21
00453          7        862 (0s) STATE tcp 64.179.35.23 1378 <-> 216.39.69.76 80
00453          7        862 (0s) STATE tcp 64.179.35.23 1377 <-> 216.39.69.76 80
00450         28       3078 (0s) STATE tcp 68.95.226.39 2373 <-> 64.179.35.23 25
00453          4        527 (0s) STATE tcp 64.179.35.23 2801 <-> 143.231.86.196 80
02020         12       1105 (0s) STATE tcp 192.168.1.22 2807 <-> 143.231.86.196 80
00453          1         40 (0s) STATE tcp 64.179.35.23 2806 <-> 143.231.86.196 80
00453         10       1182 (0s) STATE tcp 64.179.35.23 2805 <-> 143.231.86.196 80
02020         38      27372 (0s) STATE tcp 192.168.1.22 2805 <-> 143.231.86.196 80
02020         10       1543 (0s) STATE tcp 192.168.1.22 2976 <-> 65.54.140.158 80
02020         12       1105 (0s) STATE tcp 192.168.1.22 2809 <-> 143.231.86.196 80
00453          4        529 (0s) STATE tcp 64.179.35.23 2808 <-> 143.231.86.196 80
02020         86      77940 (0s) STATE tcp 192.168.1.22 2941 <-> 64.65.208.71 80
02020         12       1105 (0s) STATE tcp 192.168.1.22 2813 <-> 143.231.86.196 80
00453          4        529 (0s) STATE tcp 64.179.35.23 2812 <-> 143.231.86.196 80
00453          4        480 (0s) STATE tcp 64.179.35.23 2639 <-> 128.121.26.136 80
00453          4        480 (0s) STATE tcp 64.179.35.23 2638 <-> 128.121.26.136 80
00453          4        480 (0s) STATE tcp 64.179.35.23 2637 <-> 128.121.26.136 80
02020         17       9707 (0s) STATE tcp 192.168.1.22 2866 <-> 209.195.176.247 80
00453          5        604 (0s) STATE tcp 64.179.35.23 2867 <-> 209.195.176.247 80
00453          4        480 (0s) STATE tcp 64.179.35.23 2634 <-> 128.121.26.136 80
00453          6        938 (0s) STATE tcp 64.179.35.23 2957 <-> 209.225.33.67 80
02020         10       1929 (0s) STATE tcp 192.168.1.22 2945 <-> 216.39.69.76 80
00453          4        671 (0s) STATE tcp 64.179.35.23 2944 <-> 216.39.69.76 80
00453          5        598 (0s) STATE tcp 64.179.35.23 2877 <-> 209.195.176.247 80
02020         15       2241 (0s) STATE tcp 192.168.1.22 2876 <-> 209.195.176.247 80
00453          5        549 (0s) STATE tcp 64.179.35.23 2949 <-> 216.39.69.76 80
02020         11       1295 (0s) STATE tcp 192.168.1.22 2949 <-> 216.39.69.76 80
00453          6        722 (0s) STATE tcp 64.179.35.23 2964 <-> 209.225.33.67 80
00453          4        480 (0s) STATE tcp 64.179.35.23 2651 <-> 128.121.26.136 80
00453          5        520 (0s) STATE tcp 64.179.35.23 2650 <-> 128.121.26.136 80
00453          5        772 (0s) STATE tcp 64.179.35.23 2746 <-> 216.109.117.106 80
00453          4        480 (0s) STATE tcp 64.179.35.23 2643 <-> 128.121.26.136 80
00453          4        519 (0s) STATE tcp 64.179.35.23 2937 <-> 65.54.140.158 80
00450         22       3072 (0s) STATE tcp 207.69.231.40 1415 <-> 64.179.35.23 25
02020         14       1218 (0s) STATE tcp 192.168.1.100 2591 <-> 128.121.26.136 80
02020         22      15737 (0s) STATE tcp 192.168.1.22 2725 <-> 64.65.208.71 80
00453          1         40 (0s) STATE tcp 64.179.35.23 2724 <-> 64.65.208.71 80
00453          5        520 (0s) STATE tcp 64.179.35.23 2665 <-> 128.121.26.136 80
00453          5        520 (0s) STATE tcp 64.179.35.23 2664 <-> 128.121.26.136 80
02020         11       1165 (0s) STATE tcp 192.168.1.100 2645 <-> 64.124.109.200 80
00453          4        480 (0s) STATE tcp 64.179.35.23 2661 <-> 128.121.26.136 80
00453          4        639 (0s) STATE tcp 64.179.35.23 2933 <-> 65.54.140.158 80
02020         10       1663 (0s) STATE tcp 192.168.1.22 2933 <-> 65.54.140.158 80
02020         10       1697 (0s) STATE tcp 192.168.1.22 2961 <-> 216.73.87.102 80
00450         19       1484 (0s) STATE tcp 66.118.177.230 33626 <-> 64.179.35.23 25
02020         10       2812 (0s) STATE tcp 192.168.1.22 2713 <-> 216.73.86.105 80
00453          5        723 (0s) STATE tcp 64.179.35.23 2712 <-> 216.73.86.105 80
02020         17      10529 (0s) STATE tcp 192.168.1.22 2712 <-> 216.73.86.105 80
00453          4        598 (0s) STATE tcp 64.179.35.23 2713 <-> 216.73.86.105 80
02020         17      10167 (0s) STATE tcp 192.168.1.22 2711 <-> 216.73.86.105 80
00453          4        523 (0s) STATE tcp 64.179.35.23 2710 <-> 216.73.86.105 80
00453         20       1316 (0s) STATE tcp 64.179.35.23 2834 <-> 66.218.71.233 80
00453          1         40 (0s) STATE tcp 64.179.35.23 2657 <-> 216.157.112.153 80
02020          8       1324 (0s) STATE tcp 192.168.1.22 2656 <-> 216.157.112.153 80
02020         15       1212 (0s) STATE tcp 192.168.1.100 2664 <-> 128.121.26.136 80
02020         15       1212 (0s) STATE tcp 192.168.1.100 2665 <-> 128.121.26.136 80
02020         14       1172 (0s) STATE tcp 192.168.1.100 2661 <-> 128.121.26.136 80
02020       2234     588879 (258s) STATE tcp 192.168.1.22 2208 <-> 207.46.110.4 80
02020         14       1218 (0s) STATE tcp 192.168.1.100 2651 <-> 128.121.26.136 80
02020         14       1218 (0s) STATE tcp 192.168.1.100 2646 <-> 128.121.26.136 80
02020         14       1172 (0s) STATE tcp 192.168.1.100 2647 <-> 128.121.26.136 80
02020         15       1677 (0s) STATE tcp 192.168.1.100 2642 <-> 128.121.26.136 80
00453          6        642 (0s) STATE tcp 64.179.35.23 2880 <-> 209.195.176.247 80
02020         15       1672 (0s) STATE tcp 192.168.1.22 2881 <-> 209.195.176.247 80
02020         14       1172 (0s) STATE tcp 192.168.1.100 2637 <-> 128.121.26.136 80
02020         14       1172 (0s) STATE tcp 192.168.1.100 2638 <-> 128.121.26.136 80
00453          6        646 (0s) STATE tcp 64.179.35.23 2885 <-> 209.195.176.247 80
02020         15       2479 (0s) STATE tcp 192.168.1.22 2884 <-> 209.195.176.247 80
02020         14       1218 (0s) STATE tcp 192.168.1.100 2634 <-> 128.121.26.136 80
00450         22       5933 (0s) STATE tcp 207.69.231.40 3549 <-> 64.179.35.23 25
17803 51868116715982822 207007877431296 (-1014956032s) nsfnet-igp 182.141.195.93 0 <-> 95.94.91.124 0
54357 103166144177045504 17130536501248 (244479s) proto 212 1.138.233.0 17805 <-> 0.0.1.186 0
25648 7005922216430549619 7234316394206028643 (1919246953s) proto 114 115.35.10.35 25459 <-> 10.35.35.10 25205
28773 746535686742044009 7237131173698865443 (1819176809s) gmtp 112.104.115.101 28521 <-> 114.102.101.114 29285

-- 
Mark J. Nernberg
Downtown Help Desk
IT Specialist
(412)478-6262

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
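
The following Python is an added example, not part of the original message and not code from ipfw. It parses `ipfw -de show` output in the form posted above, rejoins wrapped lines, and flags dynamic entries that cannot be genuine state, which gives a repeatable record of when such entries appear. The function names, the four checks and the 300-second lifetime ceiling are assumptions of this example.

```python
import re

REC_START = re.compile(r"^\d{5}\s+\d+\s+\d+\s")   # rule number, packets, bytes
DYN = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+\((-?\d+)s\)\s+(\S+)")

def unwrap(text):
    """Rejoin records that a mailer or terminal wrapped onto a second line."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if REC_START.match(line) or line.startswith("##") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def audit(text, max_lifetime=300):
    """Return [(rule_number, [reasons])] for implausible dynamic entries.
    max_lifetime is an assumption: use your largest dyn_*_lifetime sysctl."""
    static, findings, in_dynamic = set(), [], False
    for rec in unwrap(text):
        m = DYN.match(rec)
        if rec.startswith("## Dynamic rules"):
            in_dynamic = True
        elif not in_dynamic:
            static.add(rec[:5])
        elif m:
            pkts, nbytes, ttl = int(m[2]), int(m[3]), int(m[4])
            checks = [
                (m[1] not in static, "rule number not in static ruleset"),
                (nbytes < 20 * pkts, "under 20 bytes (one IPv4 header) per packet"),
                (not 0 <= ttl <= max_lifetime, "lifetime out of range"),
                (m[5] not in ("STATE", "LIMIT", "PARENT"), "no STATE/LIMIT/PARENT type"),
            ]
            reasons = [msg for failed, msg in checks if failed]
            if reasons:
                findings.append((m[1], reasons))
        else:
            findings.append((rec[:5], ["unparseable entry"]))
    return findings

# Excerpt of the output in the message above, line wrapping included.
SAMPLE = """\
00453      11513    1798157 allow ip from me to any dst-port 80 setup
keep-state
## Dynamic rules (105):
00453          1         40 (0s) STATE tcp 64.179.35.23 2806 <->
143.231.86.196 80
54357 103166144177045504 17130536501248 (244479s) proto 212 1.138.233.0
17805 <-> 0.0.1.186 0
"""
```

Run from cron against the live output, for example `audit(subprocess.check_output(["ipfw", "-de", "show"], text=True))`, and log any findings with a timestamp.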