Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: Tomagain on March 06, 2006, 10:23:41 PM

Title: Firewall message in message.log
Post by: Tomagain on March 06, 2006, 10:23:41 PM
Hi, after reconfiguration (server is on a static IP behind a router)
I have these logs all the time:

messages:

21:40:56 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.96.32 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6860 DF PROTO=TCP SPT=4268 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:40:59 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.96.32 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6962 DF PROTO=TCP SPT=4268 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:07 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.34.85 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=46752 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:10 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.34.85 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=47163 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:18 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.33.238 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=29795 DF PROTO=TCP SPT=4600 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:19 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.33.238 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=29897 DF PROTO=TCP SPT=4600 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:21 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.30.42 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=50599 DF PROTO=TCP SPT=1277 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:32 testdomain kernel: denylog:IN=eth1 OUT= MAC=00:50:8b:bb:b4:ea:00:0d:b9:02:79:b8:08:00 SRC=82.207.45.95 DST=82.207.157.179 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=21019 DF PROTO=TCP SPT=4502 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0


The SRC addresses seem to be in the IP block of my provider.
Does anybody know what the cause is?
Title: Re: Firewall message in message.log
Post by: CharlieBrady on March 06, 2006, 11:43:47 PM
Quote from: "Tomagain"

Does anybody know what the cause is?


Windows viruses/trojans.
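
An added example, not part of the original posts: a small parser for `denylog:` kernel lines in the format quoted above that collapses SYN retransmissions (same SRC, SPT and DPT a few seconds apart) and counts distinct dropped connection attempts per destination port. The sample lines are constructed with documentation-range addresses, and `parse_denylog` and `summarize` are names chosen here.

```python
from collections import Counter

# Constructed sample lines in the same netfilter LOG format as the post
# (documentation-range addresses, MAC/TOS fields omitted for brevity).
SAMPLE = """\
Mar  6 21:40:56 host kernel: denylog:IN=eth1 OUT= SRC=198.51.100.32 DST=192.0.2.179 LEN=48 TTL=115 ID=6860 DF PROTO=TCP SPT=4268 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:40:59 host kernel: denylog:IN=eth1 OUT= SRC=198.51.100.32 DST=192.0.2.179 LEN=48 TTL=115 ID=6962 DF PROTO=TCP SPT=4268 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:07 host kernel: denylog:IN=eth1 OUT= SRC=198.51.100.85 DST=192.0.2.179 LEN=48 TTL=114 ID=46752 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:10 host kernel: denylog:IN=eth1 OUT= SRC=198.51.100.85 DST=192.0.2.179 LEN=48 TTL=114 ID=47163 DF PROTO=TCP SPT=3898 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:21 host kernel: denylog:IN=eth1 OUT= SRC=198.51.100.42 DST=192.0.2.179 LEN=48 TTL=116 ID=50599 DF PROTO=TCP SPT=1277 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  6 21:41:30 host sshd[411]: unrelated line that must be skipped
"""

WINDOWS_PORTS = {135: "MS-RPC endpoint mapper", 445: "SMB over TCP"}
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}

def parse_denylog(line):
    """Return a dict of fields for one denylog line, or None if it is not one."""
    _, sep, rest = line.partition("kernel: denylog:")
    if not sep:
        return None
    rec = {"flags": set()}
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if eq:                      # KEY=value token (value may be empty, e.g. OUT=)
            rec[key] = val
        elif tok in FLAGS:          # bare flag token such as SYN or DF
            rec["flags"].add(tok)
    return rec

def summarize(text):
    """Count dropped inbound connection attempts (SYN without ACK) per destination
    port, treating repeats of the same SRC/SPT/DPT as retransmits of one attempt."""
    attempts = set()
    for line in text.splitlines():
        rec = parse_denylog(line)
        if not rec or rec.get("PROTO") != "TCP":
            continue
        if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            attempts.add((rec["SRC"], int(rec["SPT"]), int(rec["DPT"])))
    per_port = Counter(dpt for _, _, dpt in attempts)
    sources = {src for src, _, _ in attempts}
    return per_port, sources

if __name__ == "__main__":
    per_port, sources = summarize(SAMPLE)
    for port, n in sorted(per_port.items()):
        print(f"dport {port} ({WINDOWS_PORTS.get(port, 'other')}): {n} attempts")
    print(f"{len(sources)} distinct sources")
```
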
Title: Firewall message in message.log
Post by: Tomagain on March 07, 2006, 10:08:20 AM
Ah thanks.

@Charlie Brady:
I have a further problem:

I put the SME behind another router:
my networks:
wan pppoe 82.207.157.176/29
lan as bridged 82.207.157.176/29
opt1 (private =lan) 192.168.1.0/24

server "sme" in 192.168.1.0/24
sme: nic local 192.168.1.1 nic public 82.207.157.179, server / gateway mode

From my client in 192.168.1.0/24 (gateway router) I can't access 82.207.157.179.
If I change the local subnet on SME from 192.168.1.0/24 to 192.168.2.0/24, access via the public way = 82.207.157.179 is possible.

Do you know why iptables is blocking?
I checked out the routing with other non-firewalled "public" nodes; there is no problem...