Koozali.org: home of the SME Server

Firewall message in message.log

Tomagain

« on: March 06, 2006, 10:23:41 PM »
Hi, after reconfiguration (the server is on a static IP behind a router)
I have these logs all the time:

messages:

21:40:56 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.96.32 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6860 DF PROTO=TCP SPT=4268 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:40:59 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.96.32 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6962 DF PROTO=TCP SPT=4268 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:07 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.34.85 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=46752 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:10 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.34.85 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=47163 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:18 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.33.238 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=29795 DF PROTO=TCP SPT=4600 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:19 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.33.238 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=29897 DF PROTO=TCP SPT=4600 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:21 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.30.42 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=50599 DF PROTO=TCP SPT=1277 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:32 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.45.95 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=21019 DF PROTO=TCP SPT=4502 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0


The SRC addresses seem to be in the IP block of my provider.
Does anybody know what the cause is?

CharlieBrady

Re: Firewall message in message.log
« Reply #1 on: March 06, 2006, 11:43:47 PM »
Quote from: "Tomagain"

Does anybody know what the cause is?


Windows viruses/trojans.
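
An added example, not part of the thread: a small triage script for denylog lines like the ones posted above. It groups dropped SYN-only TCP packets by destination port and lists the sources that sit in the same network as the destination. The function names, the port labels and the /16 prefix used for "same provider block" are assumptions of this example; the sample lines are abridged from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Port labels are an assumption of this example (Windows RPC and SMB services).
WORM_PORTS = {135: "MS-RPC", 445: "SMB"}

# Sample input: entries from the post above, abridged (MAC/TOS/ID fields dropped).
SAMPLE = """\
Mar  6 21:40:59 testdomain kernel: denylog:IN=eth1 OUT= SRC=82.207.96.32 DST=82.207.157.179 LEN=48 TTL=115 DF PROTO=TCP SPT=4268 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:07 testdomain kernel: denylog:IN=eth1 OUT= SRC=82.207.34.85 DST=82.207.157.179 LEN=48 TTL=114 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:10 testdomain kernel: denylog:IN=eth1 OUT= SRC=82.207.34.85 DST=82.207.157.179 LEN=48 TTL=114 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:21 testdomain kernel: denylog:IN=eth1 OUT= SRC=82.207.30.42 DST=82.207.157.179 LEN=48 TTL=116 DF PROTO=TCP SPT=1277 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse(line):
    """Return the KEY=value fields of one denylog line plus its bare TCP flags."""
    if "denylog:" not in line:
        return None
    body = line.split("denylog:", 1)[1]
    rec = dict(FIELD.findall(body))
    rec["FLAGS"] = {tok for tok in body.split() if tok in TCP_FLAGS}
    return rec

def summarize(text, prefix_len=16):
    """Group dropped SYN-only packets by DPT; list sources inside DST's /prefix_len."""
    by_port = defaultdict(set)
    neighbours = set()
    for line in text.splitlines():
        rec = parse(line)
        if not rec or rec.get("PROTO") != "TCP" or rec["FLAGS"] != {"SYN"}:
            continue  # not a firewall line, or not a bare connection attempt
        by_port[int(rec["DPT"])].add(rec["SRC"])
        # prefix_len is a guess at the provider block size, not a value from the post
        net = ipaddress.ip_network(f"{rec['DST']}/{prefix_len}", strict=False)
        if ipaddress.ip_address(rec["SRC"]) in net:
            neighbours.add(rec["SRC"])
    return {p: sorted(s) for p, s in by_port.items()}, sorted(neighbours)

if __name__ == "__main__":
    ports, near = summarize(SAMPLE)
    for port, srcs in sorted(ports.items()):
        print(port, WORM_PORTS.get(port, "other"), len(srcs), "source(s)")
    print("sources in the same /16 as DST:", near)
```

Many distinct neighbouring sources sending single SYNs to ports 135 and 445 is the pattern the reply above attributes to infected Windows hosts; the retransmitted SYN from the same source and port collapses into one entry.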

Tomagain

Firewall message in message.log
« Reply #2 on: March 07, 2006, 10:08:20 AM »
Ah thanks.

@Charlie Brady:
I have a further problem:

I put the SME behind another router:
my networks:
wan pppoe 82.207.157.176/29
lan as bridged 82.207.157.176/29
opt1 (private =lan) 192.168.1.0/24

server "sme" in 192.168.1.0/24
sme: nic local 192.168.1.1 nic public 82.207.157.179, server / gateway mode

From my client in 192.168.1.0/24 (gateway router) I can't access 82.207.157.179.
If I change the local subnet on the SME from 192.168.1.0/24 to 192.168.2.0/24, access via the public way (= 82.207.157.179) is possible.

Do you know why iptables is blocking?
I checked the routing with other non-firewalled "public" nodes; there is no problem...