|
||||||||
I have noticed the following rule in ipfstat -nio @17 block in log quick proto tcp from any to any We are getting the following block traffic log: Apr 4 23:13:04 m0n0wall ipmon[78]: 23:13:03.793845 rl1 @0:17 b 192.168.222.187,1677 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:04 m0n0wall ipmon[78]: 23:13:04.135305 rl1 @0:17 b 192.168.222.187,1675 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:04 m0n0wall ipmon[78]: 23:13:04.223278 rl1 @0:17 b 192.168.222.187,1678 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:04 m0n0wall ipmon[78]: 23:13:04.326783 rl1 @0:17 b 192.168.222.187,1679 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:05 m0n0wall ipmon[78]: 23:13:04.569712 rl1 @0:17 b 192.168.222.187,1680 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:05 m0n0wall ipmon[78]: 23:13:04.749627 rl1 @0:17 b 192.168.222.187,1683 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:05 m0n0wall ipmon[78]: 23:13:04.971438 rl1 @0:17 b 192.168.222.187,1685 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:05 m0n0wall ipmon[78]: 23:13:05.060978 rl1 @0:17 b 192.168.222.187,1684 -> 129.42.40.230,80 PR tcp len 20 40 -AF IN Apr 4 23:13:05 m0n0wall ipmon[78]: 23:13:05.151938 rl1 @0:17 b 192.168.222.187,1686 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:21 m0n0wall ipmon[78]: 23:13:20.748817 rl1 @0:17 b 192.168.222.187,1692 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN Apr 4 23:13:21 m0n0wall ipmon[78]: 23:13:21.339997 rl1 @0:17 b 192.168.222.187,1696 -> 216.200.68.4,80 PR tcp len 20 40 -AF IN rl1 is the LAN gateway interface xl1 is the WAN interface r10 is DMZ interface (not being used) I am unable to determine who 216.200.68.4 is. 192.168.222.187 is one of our LAN client PC's. The only traffic I am blocking at the LAN interface is telnet and 445. Why then are these packets being blocked. Is there a simple expalnation or do I need to provide more information ? I am also seeing the same kind of blocks for another "server" which we are using for a ASP web application. TIA, - Don |