Date:      Wed, 04 Aug 2004 17:13:51 +0900
From:      Srot BULL <pwd8jmr22w@me.point.ne.jp>
To:        FreeBSD-questions <freebsd-questions@freebsd.org>
Subject:   IPFW - Allowed but Denied is shown in my logs
Message-ID:  <41109ABF.4090904@me.point.ne.jp>

Hi,
I have been seeing these logs since I started using my firewall, but 
since I am not having problems with my incoming and outgoing emails and 
access to websites, I did not bother to change anything... But looking at 
my firewall logs and seeing the same things just woke up my curiosity, and 
I wondered if anybody can enlighten me on what is happening...

Below are some of the information that I have copied from my 
/var/log/security and pasted here:

	Aug  4 10:57:26 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49312 130.89.175.51:80 out via bge0
	Aug  4 11:00:49 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49312 130.89.175.51:80 out via bge0
	Aug  4 11:33:45 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49352 69.55.225.12:80 out via bge0
	Aug  4 11:34:10 r40e last message repeated 5 times
	Aug  4 11:36:16 r40e last message repeated 3 times
	Aug  4 11:40:32 r40e last message repeated 4 times
	Aug  4 12:21:10 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49364 195.92.249.252:80 out via bge0
	Aug  4 12:21:41 r40e last message repeated 6 times
	Aug  4 12:22:55 r40e last message repeated 2 times
	Aug  4 12:27:11 r40e last message repeated 4 times
	Aug  4 13:24:14 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49386 216.136.204.21:80 out via bge0
	Aug  4 13:24:34 r40e last message repeated 5 times
	Aug  4 13:26:26 r40e last message repeated 3 times
	Aug  4 13:30:42 r40e last message repeated 4 times
	Aug  4 15:04:19 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49456 210.188.175.94:110 out via bge0
	Aug  4 15:04:46 r40e last message repeated 7 times
	Aug  4 15:06:04 r40e last message repeated 2 times
	Aug  4 15:08:38 r40e last message repeated 3 times
	Aug  4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
	Aug  4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49486 164.46.152.13:110 out via bge0
	Aug  4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
	Aug  4 15:44:42 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49504 205.180.85.140:80 out via bge0
	Aug  4 15:45:15 r40e last message repeated 6 times
	Aug  4 15:46:44 r40e last message repeated 2 times
	Aug  4 15:51:00 r40e last message repeated 4 times

This is found in my /etc/ipfw.rules
### Allow out non-secure standard www function	###
$CMD 00200 allow tcp from any to any 80 out via $IFN setup keep-state

### Allow out send & get email function ###
$CMD 00230 allow tcp from any to any 25 out via $IFN setup keep-state
$CMD 00231 allow tcp from any to any 110 out via $IFN setup keep-state

### deny and log everything else that's trying to get out.	###
### This rule enforces the block all by default logic.		###
$CMD 00299 deny log all from any to any out via $IFN


Why are the above firewall logs telling me that it has denied my TCP 
packets, and yet I am not experiencing any problems with my emails and 
access to the internet through port 80?  I still do not understand the 
whole thing about firewalls and I hope that anybody can share what they 
think is happening.

Thanks in advance for any comments and advice...

Srot BULL
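
Added example, not part of the original message: a Python summary of the rule 299 deny entries, folding syslog's "last message repeated" lines into the entry before them so that each flow shows its total hit count and time span. The sample lines are copied from the log excerpt above with wrapped lines rejoined; the name `summarize`, the `year` default (taken from the Date header) and the assumption that a repeat line refers to the entry immediately before it are assumptions of this example.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Lines copied from the /var/log/security excerpt above, one entry per line.
SAMPLE = """\
Aug  4 11:33:45 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49352 69.55.225.12:80 out via bge0
Aug  4 11:34:10 r40e last message repeated 5 times
Aug  4 11:36:16 r40e last message repeated 3 times
Aug  4 11:40:32 r40e last message repeated 4 times
Aug  4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
Aug  4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49486 164.46.152.13:110 out via bge0
Aug  4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
"""

STAMP = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
IPFW = re.compile(STAMP + r"kernel: ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
                  r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<ifn>\S+)")
REPEAT = re.compile(STAMP + r"last message repeated (?P<n>\d+) times?")

def summarize(text, year=2004):
    """Group ipfw log entries by (rule, src, dst); return per-flow hit stats."""
    flows, last_key = OrderedDict(), None
    for line in text.splitlines():
        line = line.strip()
        m = IPFW.match(line)
        r = None if m else REPEAT.match(line)
        if m:
            last_key, hits = (int(m["rule"]), m["src"], m["dst"]), 1
        elif r and last_key:
            # Assumption: the repeat line refers to the ipfw entry just before it.
            hits = int(r["n"])
        else:
            last_key = None  # unrelated line: a later repeat is not attributed
            continue
        ts = datetime.strptime(f"{year} {(m or r)['ts']}", "%Y %b %d %H:%M:%S")
        f = flows.setdefault(last_key, {"hits": 0, "first": ts, "last": ts})
        f["hits"] += hits
        f["last"] = max(f["last"], ts)
    return flows

if __name__ == "__main__":
    for (rule, src, dst), f in summarize(SAMPLE).items():
        span = int((f["last"] - f["first"]).total_seconds())
        print(f"rule {rule}  {src} -> {dst}  denied {f['hits']}x over {span}s")
```

On the sample, the first flow comes out as 13 denials of one source port (49352) to 69.55.225.12:80 spread over 407 seconds.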


