IPFW2 strange issues on BSD-5.2.1
m
m at telerama.com
Mon Jun 28 14:38:37 PDT 2004
I'm using FreeBSD 5.2.1 with IPFW2 as a firewall/router on a network.
I'm seeing some very strange things in the dynamic ruleset. The last 4
entries in the list are the issues. You can see that none of the information
in the last 4 dynamic rules makes any sense -- not the #/packets or bytes,
the rule #, or even the protocol. The IP addresses referred to are not
local to any part of the network, and some aren't even listed in the
appropriate WHOIS database.

I'm totally lost on this. Any help would be appreciated, including
suggestions as to how to generate better log information. Nothing shows in
my logs, either.

Interestingly, these last (weird) rules appear & disappear at random
intervals, with different information each time -- different rule numbers
(but non-existent in my ruleset), different IPs, and different protocols.

host-64-179-35-23# ipfw -de show
00050 35654 14976392 divert 8668 ip from any to any via xl0
00100 2988 2071714 allow ip from 127.0.0.0/8 to 127.0.0.0/8
00200 0 0 deny ip from 127.0.0.0/8 to any
00300 0 0 deny ip from any to 127.0.0.0/8
00310 0 0 allow ip from 224.0.0.1 to any
00311 110 3960 allow ip from any to 224.0.0.1
00350 0 0 deny log argus from any to any
00351 0 0 deny log scps from any to any
00352 0 0 deny log igmp from any to any
00354 0 0 deny log netblt from any to any
00355 0 0 deny ip from 0.0.0.0 to any
00356 0 0 deny ip from any to 0.0.0.0
00357 0 0 deny ipv6-nonxt from any to any
00359 0 0 deny log trunk-2 from any to any
00360 99 6224 deny log icmp from any to any
00400 891 111330 allow ip from 205.201.9.0/24 to me setup keep-state
00410 0 0 allow ip from 151.201.141.231 to me setup keep-state
00420 0 0 deny ip from any to me dst-port 22
00450 1272 539440 allow ip from any to me dst-port 25 setup keep-state
00451 151 12032 allow ip from me to any dst-port 21 setup keep-state
00452 0 0 allow ip from me to any dst-port 20 setup keep-state
00453 11513 1798157 allow ip from me to any dst-port 80 setup keep-state
00454 11 1457 allow ip from me to any dst-port 443 setup keep-state
00455 0 0 allow ip from any 20 to me setup keep-state
00457 0 0 allow ip from me to any dst-port 22 setup keep-state
00458 0 0 allow ip from any 25 to me setup keep-state
00459 0 0 allow ip from any to me dst-port 80 setup keep-state
00498 2373 267409 allow ip from any to me
00499 6267 1635428 allow ip from me to any
00520 0 0 allow ip from 224.0.0.1 to any
00530 0 0 allow ip from any to 224.0.0.1
00800 11 739 allow udp from any to 207.69.188.200 dst-port 53
00810 22 10768 allow udp from 207.69.188.200 53 to any
00820 250 15731 allow udp from any to 64.65.223.6 dst-port 53
00830 498 141930 allow udp from 64.65.223.6 53 to any
00840 94 6784 allow udp from any to any dst-port 53
00841 122 36608 allow udp from any 53 to any
00850 0 0 allow ip from 255.255.255.255 to any
00860 232 70064 allow ip from any to 255.255.255.255
00998 82 18216 allow ip from 192.168.1.0/24 to 192.168.1.0/24 not via xl0
00999 0 0 check-state
01000 0 0 allow ip from any to 192.168.1.5 dst-port 25 setup keep-state
01010 1115 517038 allow ip from any to 192.168.1.5 dst-port 80 setup keep-state
01020 0 0 allow ip from any to 192.168.1.5 dst-port 2500 setup keep-state
01100 332 49019 allow ip from 192.168.1.5 to any dst-port 25 setup keep-state
01110 1177 978983 allow ip from 192.168.1.5 to any dst-port 80 setup keep-state
01115 0 0 allow ip from 192.168.1.5 to any dst-port 443 setup keep-state
01120 0 0 allow ip from 192.168.1.5 to any dst-port 21 setup keep-state
01125 0 0 allow ip from 192.168.1.5 to any dst-port 20 setup keep-state
01130 0 0 allow ip from 192.168.1.5 20 to any setup keep-state
01998 83 3704 deny log ip from 192.168.1.5 to any
01999 36 1440 deny log ip from any to 192.168.1.5
02010 0 0 allow ip from 192.168.1.0/24 to any dst-port 20 setup keep-state
02020 40906 23355938 allow ip from 192.168.1.0/24 to any dst-port 80 setup keep-state
02030 39 20505 allow ip from 192.168.1.0/24 to any dst-port 443 setup keep-state
02040 0 0 allow ip from 192.168.1.0/24 to any dst-port 21 setup keep-state
02050 0 0 allow ip from 192.168.1.0/24 20 to any setup keep-state
65000 1968 176664 deny log ip from any to any
65535 0 0 deny ip from any to any
## Dynamic rules (105):
02020 10 2859 (0s) STATE tcp 192.168.1.22 2943 <-> 65.54.194.59 80
01010 260 145073 (0s) STATE tcp 67.165.52.118 61735 <-> 192.168.1.5 80
01010 62 25228 (0s) STATE tcp 67.165.52.118 61734 <-> 192.168.1.5 80
00450 23 1680 (0s) STATE tcp 66.118.177.230 31470 <-> 64.179.35.23 25
01010 167 84950 (0s) STATE tcp 67.165.52.118 61739 <-> 192.168.1.5 80
01010 16 2474 (0s) STATE tcp 67.165.52.118 61737 <-> 192.168.1.5 80
00453 18 8792 (0s) STATE tcp 64.179.35.23 1369 <-> 63.111.24.21 80
01010 9 1148 (0s) STATE tcp 67.165.52.118 61743 <-> 192.168.1.5 80
02020 116 56383 (0s) STATE tcp 192.168.1.101 1388 <-> 64.65.208.72 80
02020 10 2210 (0s) STATE tcp 192.168.1.101 1382 <-> 64.65.208.71 80
02020 23 12664 (0s) STATE tcp 192.168.1.101 1384 <-> 64.65.208.72 80
02020 66 26546 (0s) STATE tcp 192.168.1.101 1386 <-> 64.65.208.72 80
00453 5 558 (0s) STATE tcp 64.179.35.23 1352 <-> 56.0.134.22 80
02020 30 10124 (0s) STATE tcp 192.168.1.101 1383 <-> 64.65.208.72 80
02020 19 10674 (0s) STATE tcp 192.168.1.101 1378 <-> 216.39.69.76 80
02020 87 83654 (0s) STATE tcp 192.168.1.22 2971 <-> 207.68.173.254 80
02020 33 16730 (0s) STATE tcp 192.168.1.22 2859 <-> 207.91.5.68 80
00453 4 597 (0s) STATE tcp 64.179.35.23 1376 <-> 216.73.86.13 80
02020 47 24913 (0s) STATE tcp 192.168.1.22 2857 <-> 207.91.5.68 80
00453 11 698 (0s) STATE tcp 64.179.35.23 2856 <-> 207.91.5.68 80
02020 10 2000 (0s) STATE tcp 192.168.1.22 2560 <-> 65.205.8.106 80
00453 5 1273 (0s) STATE tcp 64.179.35.23 1395 <-> 216.52.17.116 80
00453 6 1143 (0s) STATE tcp 64.179.35.23 1392 <-> 216.52.17.116 80
02020 8 1136 (0s) STATE tcp 192.168.1.22 2830 <-> 216.27.102.15 80
00453 5 968 (0s) STATE tcp 64.179.35.23 1372 <-> 206.65.183.80 80
02020 12 5126 (0s) STATE tcp 192.168.1.101 1313 <-> 64.65.208.71 80
00450 8 388 (0s) STATE tcp 208.17.205.133 1246 <-> 64.179.35.23 25
00400 890 111270 (300s) STATE tcp 205.201.9.222 56200 <-> 64.179.35.23 22
02020 12 1253 (0s) STATE tcp 192.168.1.101 1376 <-> 216.73.86.13 80
00453 4 592 (0s) STATE tcp 64.179.35.23 2777 <-> 143.231.86.196 80
02020 12 1342 (0s) STATE tcp 192.168.1.22 2777 <-> 143.231.86.196 80
00450 28 7929 (0s) STATE tcp 207.69.231.40 4731 <-> 64.179.35.23 25
00451 67 5443 (0s) STATE tcp 64.179.35.23 53377 <-> 205.201.9.227 21
00453 7 862 (0s) STATE tcp 64.179.35.23 1378 <-> 216.39.69.76 80
00453 7 862 (0s) STATE tcp 64.179.35.23 1377 <-> 216.39.69.76 80
00450 28 3078 (0s) STATE tcp 68.95.226.39 2373 <-> 64.179.35.23 25
00453 4 527 (0s) STATE tcp 64.179.35.23 2801 <-> 143.231.86.196 80
02020 12 1105 (0s) STATE tcp 192.168.1.22 2807 <-> 143.231.86.196 80
00453 1 40 (0s) STATE tcp 64.179.35.23 2806 <-> 143.231.86.196 80
00453 10 1182 (0s) STATE tcp 64.179.35.23 2805 <-> 143.231.86.196 80
02020 38 27372 (0s) STATE tcp 192.168.1.22 2805 <-> 143.231.86.196 80
02020 10 1543 (0s) STATE tcp 192.168.1.22 2976 <-> 65.54.140.158 80
02020 12 1105 (0s) STATE tcp 192.168.1.22 2809 <-> 143.231.86.196 80
00453 4 529 (0s) STATE tcp 64.179.35.23 2808 <-> 143.231.86.196 80
02020 86 77940 (0s) STATE tcp 192.168.1.22 2941 <-> 64.65.208.71 80
02020 12 1105 (0s) STATE tcp 192.168.1.22 2813 <-> 143.231.86.196 80
00453 4 529 (0s) STATE tcp 64.179.35.23 2812 <-> 143.231.86.196 80
00453 4 480 (0s) STATE tcp 64.179.35.23 2639 <-> 128.121.26.136 80
00453 4 480 (0s) STATE tcp 64.179.35.23 2638 <-> 128.121.26.136 80
00453 4 480 (0s) STATE tcp 64.179.35.23 2637 <-> 128.121.26.136 80
02020 17 9707 (0s) STATE tcp 192.168.1.22 2866 <-> 209.195.176.247 80
00453 5 604 (0s) STATE tcp 64.179.35.23 2867 <-> 209.195.176.247 80
00453 4 480 (0s) STATE tcp 64.179.35.23 2634 <-> 128.121.26.136 80
00453 6 938 (0s) STATE tcp 64.179.35.23 2957 <-> 209.225.33.67 80
02020 10 1929 (0s) STATE tcp 192.168.1.22 2945 <-> 216.39.69.76 80
00453 4 671 (0s) STATE tcp 64.179.35.23 2944 <-> 216.39.69.76 80
00453 5 598 (0s) STATE tcp 64.179.35.23 2877 <-> 209.195.176.247 80
02020 15 2241 (0s) STATE tcp 192.168.1.22 2876 <-> 209.195.176.247 80
00453 5 549 (0s) STATE tcp 64.179.35.23 2949 <-> 216.39.69.76 80
02020 11 1295 (0s) STATE tcp 192.168.1.22 2949 <-> 216.39.69.76 80
00453 6 722 (0s) STATE tcp 64.179.35.23 2964 <-> 209.225.33.67 80
00453 4 480 (0s) STATE tcp 64.179.35.23 2651 <-> 128.121.26.136 80
00453 5 520 (0s) STATE tcp 64.179.35.23 2650 <-> 128.121.26.136 80
00453 5 772 (0s) STATE tcp 64.179.35.23 2746 <-> 216.109.117.106 80
00453 4 480 (0s) STATE tcp 64.179.35.23 2643 <-> 128.121.26.136 80
00453 4 519 (0s) STATE tcp 64.179.35.23 2937 <-> 65.54.140.158 80
00450 22 3072 (0s) STATE tcp 207.69.231.40 1415 <-> 64.179.35.23 25
02020 14 1218 (0s) STATE tcp 192.168.1.100 2591 <-> 128.121.26.136 80
02020 22 15737 (0s) STATE tcp 192.168.1.22 2725 <-> 64.65.208.71 80
00453 1 40 (0s) STATE tcp 64.179.35.23 2724 <-> 64.65.208.71 80
00453 5 520 (0s) STATE tcp 64.179.35.23 2665 <-> 128.121.26.136 80
00453 5 520 (0s) STATE tcp 64.179.35.23 2664 <-> 128.121.26.136 80
02020 11 1165 (0s) STATE tcp 192.168.1.100 2645 <-> 64.124.109.200 80
00453 4 480 (0s) STATE tcp 64.179.35.23 2661 <-> 128.121.26.136 80
00453 4 639 (0s) STATE tcp 64.179.35.23 2933 <-> 65.54.140.158 80
02020 10 1663 (0s) STATE tcp 192.168.1.22 2933 <-> 65.54.140.158 80
02020 10 1697 (0s) STATE tcp 192.168.1.22 2961 <-> 216.73.87.102 80
00450 19 1484 (0s) STATE tcp 66.118.177.230 33626 <-> 64.179.35.23 25
02020 10 2812 (0s) STATE tcp 192.168.1.22 2713 <-> 216.73.86.105 80
00453 5 723 (0s) STATE tcp 64.179.35.23 2712 <-> 216.73.86.105 80
02020 17 10529 (0s) STATE tcp 192.168.1.22 2712 <-> 216.73.86.105 80
00453 4 598 (0s) STATE tcp 64.179.35.23 2713 <-> 216.73.86.105 80
02020 17 10167 (0s) STATE tcp 192.168.1.22 2711 <-> 216.73.86.105 80
00453 4 523 (0s) STATE tcp 64.179.35.23 2710 <-> 216.73.86.105 80
00453 20 1316 (0s) STATE tcp 64.179.35.23 2834 <-> 66.218.71.233 80
00453 1 40 (0s) STATE tcp 64.179.35.23 2657 <-> 216.157.112.153 80
02020 8 1324 (0s) STATE tcp 192.168.1.22 2656 <-> 216.157.112.153 80
02020 15 1212 (0s) STATE tcp 192.168.1.100 2664 <-> 128.121.26.136 80
02020 15 1212 (0s) STATE tcp 192.168.1.100 2665 <-> 128.121.26.136 80
02020 14 1172 (0s) STATE tcp 192.168.1.100 2661 <-> 128.121.26.136 80
02020 2234 588879 (258s) STATE tcp 192.168.1.22 2208 <-> 207.46.110.4 80
02020 14 1218 (0s) STATE tcp 192.168.1.100 2651 <-> 128.121.26.136 80
02020 14 1218 (0s) STATE tcp 192.168.1.100 2646 <-> 128.121.26.136 80
02020 14 1172 (0s) STATE tcp 192.168.1.100 2647 <-> 128.121.26.136 80
02020 15 1677 (0s) STATE tcp 192.168.1.100 2642 <-> 128.121.26.136 80
00453 6 642 (0s) STATE tcp 64.179.35.23 2880 <-> 209.195.176.247 80
02020 15 1672 (0s) STATE tcp 192.168.1.22 2881 <-> 209.195.176.247 80
02020 14 1172 (0s) STATE tcp 192.168.1.100 2637 <-> 128.121.26.136 80
02020 14 1172 (0s) STATE tcp 192.168.1.100 2638 <-> 128.121.26.136 80
00453 6 646 (0s) STATE tcp 64.179.35.23 2885 <-> 209.195.176.247 80
02020 15 2479 (0s) STATE tcp 192.168.1.22 2884 <-> 209.195.176.247 80
02020 14 1218 (0s) STATE tcp 192.168.1.100 2634 <-> 128.121.26.136 80
00450 22 5933 (0s) STATE tcp 207.69.231.40 3549 <-> 64.179.35.23 25
17803 51868116715982822 207007877431296 (-1014956032s) nsfnet-igp 182.141.195.93 0 <-> 95.94.91.124 0
54357 103166144177045504 17130536501248 (244479s) proto 212 1.138.233.0 17805 <-> 0.0.1.186 0
25648 7005922216430549619 7234316394206028643 (1919246953s) proto 114 115.35.10.35 25459 <-> 10.35.35.10 25205
28773 746535686742044009 7237131173698865443 (1819176809s) gmtp 112.104.115.101 28521 <-> 114.102.101.114 29285
--
Mark J. Nernberg
Downtown Help Desk
IT Specialist
(412)478-6262
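
Added example, not part of the original post: a small Python check for a listing like the one above, which rejoins the mail-wrapped lines and flags dynamic entries whose rule number is absent from the static ruleset, whose lifetime is out of range, or whose type/protocol is unexpected. The function names, the 300 s lifetime ceiling (the largest value on the sane entries in the listing) and the STATE/LIMIT with tcp/udp expectation are assumptions made for this example; the sample is constructed from a few lines of the posted output.

```python
import re

# Constructed sample: abridged from the `ipfw -de show` listing in the post, still mail-wrapped.
SAMPLE = """\
00453 11513 1798157 allow ip from me to any dst-port 80 setup keep-state
02020 40906 23355938 allow ip from 192.168.1.0/24 to any dst-port 80
setup keep-state
## Dynamic rules (105):
00453 5 558 (0s) STATE tcp 64.179.35.23 1352 <-> 56.0.134.22
80
17803 51868116715982822 207007877431296 (-1014956032s) nsfnet-igp
182.141.195.93 0 <-> 95.94.91.124 0
54357 103166144177045504 17130536501248 (244479s) proto 212 1.138.233.0
17805 <-> 0.0.1.186 0
"""

# A record starts with rule number, packets, bytes; "17805 <-> ..." is a continuation.
RECORD = re.compile(r"^\d{5}\s+\d+\s+\d+\s")
DYN = re.compile(r"^(\d{5})\s+\d+\s+\d+\s+\((-?\d+)s\)\s+(.*?)\s*"
                 r"\S+\s+\d+\s+<->\s+\S+\s+\d+$")  # group 3: type and protocol

def unwrap(text):
    out = []
    for line in text.splitlines():
        if RECORD.match(line) or line.startswith("##") or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def audit(text, max_lifetime=300, protos=("tcp", "udp")):
    """Flag dynamic entries the static ruleset cannot explain (thresholds are assumptions)."""
    lines = unwrap(text)
    split = next((i for i, l in enumerate(lines) if l.startswith("## Dynamic")), len(lines))
    static = {l.split()[0] for l in lines[:split]}
    findings = []
    for entry in lines[split + 1:]:
        m = DYN.match(entry)
        if not m:
            findings.append((entry.split()[0], ["unparseable entry"]))
            continue
        rule, life, kind = m.group(1), int(m.group(2)), m.group(3).split()
        reasons = [why for bad, why in (
            (rule not in static, "rule number not in static ruleset"),
            (not 0 <= life <= max_lifetime, "lifetime %ds out of range" % life),
            (len(kind) != 2 or kind[0] not in ("STATE", "LIMIT") or kind[1] not in protos,
             "unexpected type/protocol %r" % " ".join(kind)),
        ) if bad]
        if reasons:
            findings.append((rule, reasons))
    return findings
```

Running audit() on saved output at intervals and keeping the findings gives a record of when such entries appear, which the firewall log itself does not provide.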