That is strange, as I have only one rule in the DMZ, just as specified in the documentation.

Permit DMZ to * BUT LAN

The only thing getting blocked should be something from the DMZ going to LAN, not WAN.

Matthew Steinblock
________________________________
MKSolutions
Mobile Computer Specialists
PO Box 341
Auburn, NE 68305
402.274.8529
http://MKSolutions.net
________________________________

-----Original Message-----
From: Denis Mirassou [mailto:Mirassou at cict dot fr]
Sent: Friday, February 11, 2005 1:50 AM
To: Matthew Steinblock
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Log question

Matthew Steinblock wrote:
> I am getting the following log entry pretty frequently lately.
>
> Act TIME If Source Destination Proto
> X17 22:21:53.381441 DMZ 192.168.1.100, port 80 152.163.100.139, port 38345 TCP
>
> The X means blocked. What does the 17 mean? Most entries do not have
> a number under Act, while others will have anything from 2 to 17.
>
> The DMZ is set up to allow everything except LAN. Why is this being
> blocked? Why always a bunch of these entries together with just one
> port difference?
>
> Thanks!
>
> Matthew Steinblock

Hi,

The "17" means, I think, that this event repeats 17 times.

Traffic from IP 192.168.1.100, port 80 coming from your DMZ interface to destination address 152.163.100.139 port TCP 38345 is blocked. You have a firewall rule that blocks and logs that, review your firewall rules.

Maybe it could be HTTP responses from a web server 192.168.1.100 port 80 to a client 152.163.100.139?

Regards
Denis

--
Denis Mirassou
Service Réseaux
Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)