[ previous ] [ next ] [ threads ]
 
 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  "Manuel Kasper" <mk at neon1 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Firewall question
 Date:  Fri, 14 Nov 2003 13:10:17 -0500
----- Original Message ----- 
From: "Manuel Kasper" <mk at neon1 dot net>
To: "Christopher M. Iarocci" <iarocci at eastendsc dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, November 14, 2003 12:12 PM
Subject: Re: [m0n0wall] Firewall question


> On 14.11.2003, at 18:05, Christopher M. Iarocci wrote:
>
> > Can anyone explain why I get the following entries in my firewall log
> > when I
> > clearly have a rule that allows all outbound traffic from my LAN
> > interface?
> > I see it from time to time, and don't really understand it because I
> > guess I
> > don't understand all the codes at the end of the line.
> >
> >  12:00:23.058836 2x rl0 @200:33 p 192.168.2.199,5061 ->
> > 12.144.47.27,5060 PR
> > udp len 20 301 K-S K-F IN
>
> ... @200:33 p 192.168... ---> p = pass
>
> > rules, nor do I have any block rules for the VPN lans.  I'm hoping the
> > rules
> > for the VPN allows all traffic through the tunnel, but the below log
> > entry
> > clearly shows a packet being blocked.
>
> No, it shows a packet being passed. :) Not sure why these show up,
> though. By default, only blocked packets are logged.


Maybe it is because I have port 5060 mapped to the internal address of
192.168.2.199?  Just a guess, don't know.  Thanks for the info though.  Now
I can rest easier.  :-)  All this time I was thinking they were blocked
packets.

Chris