On Thu, 2006-02-09 at 16:08 -0500, Jesse Spangenberger wrote:
> Here's the output:
>
> Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51248 DF PROTO=TCP
> SPT=1964 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2065 DF PROTO=TCP
> SPT=1136 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2066 DF PROTO=TCP
> SPT=1137 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:51:46 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=38844 DF PROTO=TCP
> SPT=2924 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055C01010402)
>
> Feb 9 15:52:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2068 DF PROTO=TCP
> SPT=1184 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:53:07 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:ca:86:d5:17:08:00 SRC=192.168.1.53
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30142 DF PROTO=TCP
> SPT=2912 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:55:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2094 DF PROTO=TCP
> SPT=1138 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:55:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2095 DF PROTO=TCP
> SPT=1139 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:55:57 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=39419 DF PROTO=TCP
> SPT=2949 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055C01010402)
>
> Feb 9 15:56:23 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51404 DF PROTO=TCP
> SPT=1967 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:56:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2095 DF PROTO=TCP
> SPT=1186 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:57:07 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:ca:86:d5:17:08:00 SRC=192.168.1.53
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30188 DF PROTO=TCP
> SPT=2915 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:59:01 SSI001 /usr/sbin/cron[3387]: (root) CMD ( rm -f
> /var/spool/cron/lastrun/cron.hourly)
>
> Feb 9 15:59:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2123 DF PROTO=TCP
> SPT=1141 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:59:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2124 DF PROTO=TCP
> SPT=1140 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:get_peer_addr(1136)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: getpeername failed. Error was Transport
> endpoint is not connected
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:get_peer_addr(1136)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: getpeername failed. Error was Transport
> endpoint is not connected
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:write_socket_data(430)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: write_socket_data: write failure. Error
> Connection reset by peer
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:write_socket(455)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: write_socket: Error writing 4 bytes to
> socket 43: ERRNO = Connection reset by peer
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:send_smb(647)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: Error writing 4 bytes to client. -1.
> (Connection reset by peer)
>
> Feb 9 15:59:57 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=39764 DF PROTO=TCP
> SPT=2963 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055C01010402)
>
> Feb 9 16:00:23 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51502 DF PROTO=TCP
> SPT=1970 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
> Feb 9 16:00:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2122 DF PROTO=TCP
> SPT=1187 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
>
>
> I get these a lot. As you can see -- the times are close together -- not
> sure what's going on atm.
----
firewall logs...
basically, the logs are saying that it is blocking...
DPT=139 (destination port 139)
from
SRC=192.168.1.54 (seems like a computer on the local LAN)
and likewise for
DPT=445 (similar but different local LAN IP addresses)
(note port 445 is Win2k/WinXP)
the other errors you list...
endpoint not connected...
write socket.data
are common errors you can ignore (search the archives of this list for
more information if you want)
you probably should just open ports 139 and 445 in your firewall for the
local LAN only (192.168.1.0 subnet mask 255.255.255.0)
Craig
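
An added example, not part of the original thread: a small Python parser for the netfilter LOG lines quoted above that tallies connections by action, source and destination port, and lists sources that fall outside the 192.168.1.0/255.255.255.0 range proposed in the reply. The sample lines are abridged from the quoted log and re-joined to one line each; reading the ACC or DROP token in the SFW2 prefix as the firewall's action is an assumption about SuSEfirewall2's naming.

```python
import ipaddress
import re
from collections import Counter

# Entries from the quoted log, re-joined to one line each and abridged.
SAMPLE_LOG = """\
Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=192.168.1.54 DST=192.168.1.2 TTL=128 PROTO=TCP SPT=1964 DPT=139 SYN
Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=192.168.1.61 DST=192.168.1.2 TTL=128 PROTO=TCP SPT=1136 DPT=445 SYN
Feb 9 15:51:46 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=192.168.2.51 DST=192.168.1.2 TTL=126 PROTO=TCP SPT=2924 DPT=139 SYN
Feb 9 15:59:01 SSI001 /usr/sbin/cron[3387]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
"""

# Subnet proposed in the reply for the SMB ports (netmask notation is accepted).
LAN = ipaddress.ip_network("192.168.1.0/255.255.255.0")

# Assumed SuSEfirewall2 prefix layout: SFW2-<chain/zone>-<action>-<detail>,
# where ACC marks an accepted packet and DROP a dropped one.
PREFIX = re.compile(r"kernel: SFW2-(?P<chain>[^-\s]+)-(?P<action>[^-\s]+)(?:-(?P<detail>\S+))?\s")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return a dict of prefix parts and KEY=value fields, or None for non-firewall lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update(FIELD.findall(line[m.end():]))
    return rec

def summarize(text, lan=LAN):
    """Count (action, source, dest port) tuples and collect sources outside `lan`."""
    counts = Counter()
    outside = set()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "SRC" not in rec or "DPT" not in rec:
            continue
        counts[(rec["action"], rec["SRC"], int(rec["DPT"]))] += 1
        if ipaddress.ip_address(rec["SRC"]) not in lan:
            outside.add(rec["SRC"])
    return counts, outside

if __name__ == "__main__":
    counts, outside = summarize(SAMPLE_LOG)
    for (action, src, dpt), n in sorted(counts.items()):
        print(f"{action:5} {src:15} -> port {dpt:<5} x{n}")
    print("sources outside", LAN, ":", sorted(outside))
```

On the quoted log this lists 192.168.2.51 as outside the range, so a rule limited to 192.168.1.0/255.255.255.0 would not cover that host.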