Date:      Fri, 18 Jun 2004 16:55:22 +0100
From:      Robert Downes <nullentropy@lineone.net>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: Blocked outbound traffic - what is it?
Message-ID:  <40D3106A.9030403@lineone.net>
In-Reply-To: <000d01c4554a$906deac0$af00a8c0@orange>
References:  <40D301EA.3080606@lineone.net> <000d01c4554a$906deac0$af00a8c0@orange>

Matthew McGehrin wrote:

>You need to post your ruleset to the list along with some of your logs, or
>you're not going to get a response.
>
The ruleset is the one posted to this list recently:

http://lists.freebsd.org/mailman/htdig/freebsd-ipfw/2004-June/001182.html

and some of the output of `cat /var/log/security | grep out`:

Jun 18 15:32:37 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3066 64.158.223.128:80 out via rl0
Jun 18 16:03:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3113 216.136.173.10:110 out via rl0
Jun 18 16:07:56 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3118 213.189.140.44:80 out via rl0
Jun 18 16:09:45 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3123 216.136.173.10:110 out via rl0
Jun 18 16:23:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3136 216.136.173.10:110 out via rl0
Jun 18 16:31:53 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0
Jun 18 16:31:58 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0

These are just a few of many similar entries. The requests to port 110 
are to a legitimate mail server. The requests to port 80 seem to be to 
banner-ad addresses, and to addresses that are legitimate but are not 
the same IP as the original browser request.

But my point is: what feature of these packets is making them fail the 
filter, and why do I not seem to be missing anything on the pages (such 
as banner ads) even though requests are being blocked?

If it's perfectly reasonable for these packets to be denied, then I'm 
happy with that. But I'm worried that something important is being 
killed on the spot. (Even though I can't work out what.)

-- 
Bob
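
An added example, not part of the original message: a small sh/awk triage of the denied outbound entries quoted above, counting them per rule and destination and listing any connection (same source port and destination) that was logged more than once. The field positions are an assumption taken from the log lines in the message; the function names are hypothetical.

```shell
#!/bin/sh
# Sample input: the seven entries quoted in the message, one entry per line.
sample_log() {
cat <<'EOF'
Jun 18 15:32:37 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3066 64.158.223.128:80 out via rl0
Jun 18 16:03:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3113 216.136.173.10:110 out via rl0
Jun 18 16:07:56 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3118 213.189.140.44:80 out via rl0
Jun 18 16:09:45 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3123 216.136.173.10:110 out via rl0
Jun 18 16:23:39 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3136 216.136.173.10:110 out via rl0
Jun 18 16:31:53 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0
Jun 18 16:31:58 epia kernel: ipfw: 450 Deny TCP 192.168.1.102:3181 65.59.207.13:80 out via rl0
EOF
}

# Reads syslog lines on stdin.
# Prints "count rule proto source-host destination:port", busiest first.
deny_out_by_dest() {
  awk '$6 == "ipfw:" && $8 == "Deny" && $(NF-2) == "out" {
         split($10, src, ":")              # drop the ephemeral source port
         n[$7 " " $9 " " src[1] " " $11]++
       }
       END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Reads syslog lines on stdin.
# Prints "count source:port destination:port" for every connection that
# was denied more than once (the same connection logged repeatedly).
repeated_connections() {
  awk '$6 == "ipfw:" && $8 == "Deny" && $(NF-2) == "out" { n[$10 " " $11]++ }
       END { for (k in n) if (n[k] > 1) print n[k], k }' | sort
}

# Stand-alone run on the sample; on a live host feed /var/log/security instead.
sample_log | deny_out_by_dest
sample_log | repeated_connections
```

Matching the rule number in the first column against `ipfw show` output identifies which rule in the ruleset produced each group of denies.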


