IPFW - Allowed but Denied is shown in my logs
Srot BULL
pwd8jmr22w at me.point.ne.jp
Wed Aug 4 01:14:34 PDT 2004
Hi,
I have been seeing these logs since I started using my firewall, but
since I am not having problems with my incoming and outgoing emails and access
to websites I did not bother to change anything... But looking at my
firewall logs and seeing the same things just woke up my curiosity, and
I wondered if anybody can enlighten me on what is happening...
Below are some of the information that I have copied from my
/var/log/security and pasted here:
Aug 4 10:57:26 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49312 130.89.175.51:80 out via bge0
Aug 4 11:00:49 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49312 130.89.175.51:80 out via bge0
Aug 4 11:33:45 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49352 69.55.225.12:80 out via bge0
Aug 4 11:34:10 r40e last message repeated 5 times
Aug 4 11:36:16 r40e last message repeated 3 times
Aug 4 11:40:32 r40e last message repeated 4 times
Aug 4 12:21:10 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49364 195.92.249.252:80 out via bge0
Aug 4 12:21:41 r40e last message repeated 6 times
Aug 4 12:22:55 r40e last message repeated 2 times
Aug 4 12:27:11 r40e last message repeated 4 times
Aug 4 13:24:14 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49386 216.136.204.21:80 out via bge0
Aug 4 13:24:34 r40e last message repeated 5 times
Aug 4 13:26:26 r40e last message repeated 3 times
Aug 4 13:30:42 r40e last message repeated 4 times
Aug 4 15:04:19 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49456 210.188.175.94:110 out via bge0
Aug 4 15:04:46 r40e last message repeated 7 times
Aug 4 15:06:04 r40e last message repeated 2 times
Aug 4 15:08:38 r40e last message repeated 3 times
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49486 164.46.152.13:110 out via bge0
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
Aug 4 15:44:42 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49504 205.180.85.140:80 out via bge0
Aug 4 15:45:15 r40e last message repeated 6 times
Aug 4 15:46:44 r40e last message repeated 2 times
Aug 4 15:51:00 r40e last message repeated 4 times
This is found in my /etc/ipfw.rules
### Allow out non-secure standard www function ###
$CMD 00200 allow tcp from any to any 80 out via $IFN setup keep-state
### Allow out send & get email function ###
$CMD 00230 allow tcp from any to any 25 out via $IFN setup keep-state
$CMD 00231 allow tcp from any to any 110 out via $IFN setup keep-state
### deny and log everything else that's trying to get out. ###
### This rule enforces the block all by default logic. ###
$CMD 00299 deny log all from any to any out via $IFN
Why are the above firewall logs telling me that it has denied my TCP
packets and yet I am not experiencing any problems with my emails and
access to the internet through port 80? I still do not understand the
whole thing about firewalls and I hope that anybody can share what they
think is happening.
Thanks in advance for any comments and advice...
Srot BULL
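
Added example (not part of the original post): a small Python parser for the ipfw log lines quoted above that folds syslog's "last message repeated N times" notices into per-flow deny counts, so it is visible that each burst of denies belongs to a single source port. The function names, and the assumption that a repeat notice refers to the ipfw line directly before it, are this example's own.

```python
import re
from datetime import datetime

# Lines taken from the post above, with the e-mail line wrapping undone.
SAMPLE = """\
Aug 4 11:33:45 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49352 69.55.225.12:80 out via bge0
Aug 4 11:34:10 r40e last message repeated 5 times
Aug 4 11:36:16 r40e last message repeated 3 times
Aug 4 11:40:32 r40e last message repeated 4 times
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49486 164.46.152.13:110 out via bge0
Aug 4 15:36:28 r40e kernel: ipfw: 299 Deny TCP 192.168.1.35:49487 164.46.152.13:110 out via bge0
"""

DENY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ kernel: ipfw: (?P<rule>\d+) (?P<action>\w+) "
    r"(?P<proto>\w+) (?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<ifn>\S+)$")
REPEAT = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ last message repeated (?P<n>\d+) times$")

def _ts(text):
    # syslog timestamps carry no year; only differences within one log are used.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S")

def summarize(log_text):
    """Return {(rule, src, dst): {"hits", "first", "last", "span_s"}} in log order."""
    flows, current = {}, None
    for line in log_text.splitlines():
        m = DENY.match(line.strip())
        if m:
            current = (int(m["rule"]), m["src"], m["dst"])
            entry = flows.setdefault(current, {"hits": 0, "first": _ts(m["ts"])})
            entry["hits"] += 1
            entry["last"] = _ts(m["ts"])
            continue
        m = REPEAT.match(line.strip())
        # Assumption: a repeat notice refers to the ipfw line just before it,
        # which holds when the file contains only ipfw messages.
        if m and current is not None:
            flows[current]["hits"] += int(m["n"])
            flows[current]["last"] = _ts(m["ts"])
        elif not m:
            current = None  # an unrelated or blank line ends the run
    for entry in flows.values():
        entry["span_s"] = int((entry["last"] - entry["first"]).total_seconds())
    return flows

if __name__ == "__main__":
    for (rule, src, dst), e in summarize(SAMPLE).items():
        print(f"rule {rule} {src} -> {dst}: {e['hits']} denies over {e['span_s']} s")
```

Because `setup` matches only the initial SYN, later packets of a connection pass only through the dynamic rule that `keep-state` created. Counting denies per source port shows whether rule 299 is hitting a few existing connections or many new ones.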