[ previous ] [ next ] [ threads ]
 
 From:  sai <sonicsai at gmail dot com>
 To:  berek at rz dot uni dash leipzig dot de
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: firewall lets ports pass although blocked
 Date:  Sat, 12 Nov 2005 11:37:33 +0500
> here is on line of the output of the firewall state:
>
> Source          Port    Destination     Port    Protocol  Packets       Bytes   TTL
> 10.11.77.5      1073    137.226.34.227  55413   tcp     775555        756769468
> 2:30:00
>
> the connection has *destination* port 55413, and that one is not in the allow
> list. hmpf. i'm helpless.
>

I suspect that this is part of a ftp download. The port and the number
of bytes point to it. Also the ip address 137.226.34.227 is that of 
sunsite.informatik.RWTH-Aachen.DE  ;  I only access sunsites are for
ftp downloads...

if you initiate an ftp download then the m0n0 will allow other ports
to be used for that session/connection.

sai