Vadim Kurland wrote:
>
> On Mar 21, 2006, at 12:28 PM, Robin Bowes wrote:
>
>> Hi,
>>
>> I'm using fwbuilder to create a firewall for an FC4 server named "dude"
>>
>> These are my last 3 rules (on the policy tab):
>>
>> #  Source     Dest   Service  Action  Options
>> ===============================================
>> ...
>> 6. Int. Nets  dude   Any      Allow   Log
>> 7. dude       Any    Any      Allow   Log
>> 8. Any        Any    Any      Deny    Log
>>
>> Int. Nets is a group containing:
>>
>> 192.168.1.0
>> 192.168.2.0
>> 192.168.3.0
>> 192.168.4.0
>>
>> dude has three IPs:
>>
>> 192.168.1.50 eth0
>> 192.168.1.51 eth0:1
>> 192.168.1.52 eth0:2
>>
>> My workstation (tosh) has one IP:
>>
>> 192.168.1.30
>>
>> The idea of the rules is to:
>>
>> 6. Allow any traffic into dude from hosts on my local network
>> 7. Allow outgoing traffic from dude to anywhere
>> 8. Deny anything else
>>
>> I've re-started the server and run the firewall script manually.
>>
>> I don't understand why I'm seeing the following messages in the log:
>>
>> Mar 21 20:21:56 dude kernel: RULE 8 -- DENY IN= OUT=eth0
>> SRC=192.168.1.50 DST=62.216.251.205 LEN=52 TOS=0x00 PREC=0x00 TTL=64
>> ID=42112 DF PROTO=TCP SPT=47653 DPT=80 WINDOW=1728 RES=0x00 ACK PSH FIN
>> URGP=0
>>
>
> Looks like the closing packet of an HTTP session from the server to
> 62.216.251.205. The session has been closed and purged from the iptables
> state table on the server before the last FIN packet was sent. Could
> you connect to that web site from the server? David Crow has the
> same problem but I do not know the solution to it.
Yes, I can connect to the website from the server fine.
It seems to be intermittent, i.e. it doesn't always fail. Perhaps the
session needs to be kept open in the state table longer? Is this
configurable?
R.
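The thread above turns on reading the TCP flags in the denied packet: "ACK PSH FIN" with an empty IN= and OUT=eth0 is a locally generated packet closing a session that conntrack no longer tracks, not a genuine policy violation. The following script is an added example, not part of the original thread or of fwbuilder; it parses netfilter LOG lines in the format shown in the message and sorts the "RULE n -- DENY" hits into new-connection attempts (SYN without ACK, a real policy decision), late close packets (FIN or RST without SYN, the case Vadim describes) and mid-stream data for a forgotten session. The first sample line is the one from the thread, joined onto one line; the SYN and RST lines, and the address 10.9.8.7, are constructed here for illustration. The flag-based classification is a triage heuristic of this example, not something the thread states.

```python
"""Triage netfilter LOG lines (fwbuilder "RULE n -- DENY" prefix) by TCP flags.

Added example. Log format follows the line quoted in the thread; the
second and third sample lines (and the host 10.9.8.7) are constructed.
"""
import re
from collections import Counter

# Bare tokens a netfilter LOG line emits for TCP flags; anything else
# without '=' (e.g. DF) is treated as an IP option.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Everything between "kernel:" and the first "IN=" is the user log prefix.
KERNEL_RE = re.compile(r"kernel:\s+(?P<prefix>.*?)\s+IN=(?P<rest>.*)$")

SAMPLE_LOG = """\
Mar 21 20:21:56 dude kernel: RULE 8 -- DENY IN= OUT=eth0 SRC=192.168.1.50 DST=62.216.251.205 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=42112 DF PROTO=TCP SPT=47653 DPT=80 WINDOW=1728 RES=0x00 ACK PSH FIN URGP=0
Mar 21 20:22:10 dude kernel: RULE 8 -- DENY IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.9.8.7 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 21 20:22:31 dude kernel: RULE 8 -- DENY IN= OUT=eth0 SRC=192.168.1.50 DST=62.216.251.205 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=47653 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
"""


def parse_log_line(line):
    """Return a dict of KEY=value fields, TCP flags and options, or None."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    fields = {"prefix": m.group("prefix").strip(), "flags": set(), "options": set()}
    # Re-attach "IN=" so the (possibly empty) IN value is parsed like the rest.
    for tok in ("IN=" + m.group("rest")).split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            fields["flags"].add(tok)
        else:
            fields["options"].add(tok)
    return fields


def direction(fields):
    """Derive the chain the packet hit from which interface fields are set."""
    if fields.get("IN") and not fields.get("OUT"):
        return "inbound"            # INPUT chain
    if fields.get("OUT") and not fields.get("IN"):
        return "locally-generated"  # OUTPUT chain, as in the thread's log line
    return "forwarded"


def classify(fields):
    """Heuristic: which kind of denied TCP packet is this?"""
    if fields is None:
        return "unparsed"
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    flags = fields["flags"]
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"     # someone really tried to open a session
    if ("FIN" in flags or "RST" in flags) and "SYN" not in flags:
        return "late-close"         # tail of a session conntrack already purged
    if flags <= {"ACK", "PSH", "URG"} and "ACK" in flags:
        return "mid-stream"         # data/ack for a session conntrack forgot
    return "other"


def triage(log_text):
    """Classify every LOG line; return (Counter of kinds, per-line rows)."""
    counts = Counter()
    rows = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        kind = classify(fields)
        counts[kind] += 1
        if fields is not None:
            rows.append({
                "rule": fields["prefix"],
                "direction": direction(fields),
                "kind": kind,
                "src": fields.get("SRC"),
                "dst": fields.get("DST"),
                "dpt": fields.get("DPT"),
                "flags": " ".join(sorted(fields["flags"])),
            })
    return counts, rows


if __name__ == "__main__":
    counts, rows = triage(SAMPLE_LOG)
    for row in rows:
        print(f"{row['rule']:<16} {row['direction']:<17} {row['kind']:<15} "
              f"{row['src']} -> {row['dst']}:{row['dpt']} [{row['flags']}]")
    print(dict(counts))
```

Only the "new-connection" bucket is a policy question; the "late-close" bucket is the symptom discussed above, where the session left the state table before its final FIN or RST was sent. On 2.6 kernels using ip_conntrack, the per-state TCP timeouts that govern how long a closing session stays in that table are exposed as /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_* (for example ip_conntrack_tcp_timeout_time_wait), which is where one would look to change the retention the last message asks about.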