search for: urgp

...eas appreciated, and whether or not it's something to worry about. Many thanks for looking things over and your comments, and this excerpt is straight out of the daily log. Sam Begin kernel messages --------------------- Kernel Begin ------------------------ 1 Time(s): RES=0x00 ACK URGP=0 1 Time(s): SRC=140.90.192.168 DST=216.104.158.222 LEN=1500 TOS=0x00 PREC=0x00 TTL=55 ID=18675 DF PROTO=TCP SPT=21950 DPT=55840 WINDOW=1448 RES=0x00 ACK URGP=0 1 Time(s): SRC=165.91.140.32 DST=216.104.158.222 LEN=1500 TOS=0x00 PREC=0x00 TTL=49 ID=17974 DF PROTO=TCP SPT=388 DPT=40486 WINDOW=1...

...bites (lit) that have run amok in things. Any suggestions as a possible fault other than the cpu just becoming more toasty brown? :) Thanks... Sam Begin log snip --------------------- Kernel Begin ------------------------ 1 Time(s): PROTO=TCP SPT=388 DPT=53395 WINDOW=1448 RES=0x00 ACK URGP=0 1 Time(s): URGP=0 1 Time(s): WINDOW=1448 RES=0x00 ACK URGP=0 1 Time(s): 0 PREC=0x00 TTL=49 ID=37550 DF PROTO=TCP SPT=388 DPT=53395 WINDOW=1448 RES=0x00 ACK URGP=0 1 Time(s): 0 PREC=0x00 TTL=49 ID=56466 DF PROTO=TCP SPT=388 DPT=53395 WINDOW=1448 RES=0x00 ACK URGP=0 1 Time(s): 0 SRC=216...

Here's the output: Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51248 DF PROTO=TCP SPT=1964 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2065 DF PROTO=TCP SPT=1136 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) F...

.../0 MARK match 0x0 MARK set 0x3 Kernel log (snippet): --------------------- Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64569 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64570 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK PSH URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1...

...hat shorewall logged to /var/log/messages Jan 27 00:23:15 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=216.175.104.127 DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=20585 DF PROTO=TCP SPT=2689 DPT=901 WINDOW=16384 RES=0x00 SYN URGP=0 Jan 27 00:24:30 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=23.91.102.152 DST=24.91.102.152 LEN=555 TOS=0x00 PREC=0x00 TTL=113 ID=41331 PROTO=UDP SPT=666 DPT=1026 LEN=535 Jan 27 00:24:30 h0000b49d5510 kernel: Shorewall:net2all:DROP...

...scope link src 169.254.19.126 127.0.0.0/8 dev lo scope link default via 203.17.101.28 dev ppp0 shorewall show log: Nov 27 22:54:40 net2all:DROP:IN=ppp0 OUT= SRC=211.154.167.13 DST=203.113.232.72 LEN=48 TOS=0x10 PREC=0x00 TTL=106 ID=8267 DF PROTO=TCP SPT=50812 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 27 22:54:43 net2all:DROP:IN=ppp0 OUT= SRC=211.154.167.13 DST=203.113.232.72 LEN=48 TOS=0x10 PREC=0x00 TTL=106 ID=8362 DF PROTO=TCP SPT=50812 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 27 23:12:58 net2all:DROP:IN=ppp0 OUT= SRC=200.165.14.73 DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=1...

...PT=8612 DPT=8610 LEN=24 Jan 28 10:24:44 martin-RB042AV-ABA-a1410y kernel: [ 1166.954068] [UFW BLOCK] IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15 DST=192.168.254.39 LEN=41 TOS=0x00 PREC=0x00 TTL=128 ID=18139 DF PROTO=TCP SPT=445 DPT=54928 WINDOW=257 RES=0x00 ACK URGP=0 Jan 28 10:24:46 martin-RB042AV-ABA-a1410y kernel: [ 1168.989657] [UFW BLOCK] IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15 DST=192.168.254.39 LEN=41 TOS=0x00 PREC=0x00 TTL=128 ID=726 DF PROTO=TCP SPT=445 DPT=54928 WINDOW=257 RES=0x00 ACK URGP=0 Jan 28 10:24:4...

...detect and when I tried to go to the net the messages are: Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC =192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6877 DF PROT O=TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0 Jan 16 17:49:33 murowall kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 SRC=1 92.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6877 DF PROTO= TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0 Jan 16 17:49:34 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SR...

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=448 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|ip_conntrack |nf_conntrack ------- Additional Comments From laforge@netfilter.org 2006-02-14 09:05 MET ------- ipv6 conntrack is

...ckly, another storm occured and the server was receiveing A LOT of packets : [...] Apr 8 11:19:17 rohan kernel: IN=eth0 OUT= MAC=00:09:6b:f1:49:1e:00:09:97:56:9a:0e:08:00 SRC=x.y.16.19 DST=x.y.15.3 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=54407 DF PROTO=TCP SPT=3863 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 Apr 8 11:19:17 rohan kernel: IN=eth0 OUT= MAC=00:09:6b:f1:49:1e:00:09:97:56:9a:0e:08:00 SRC=x.y.16.19 DST=x.y.15.3 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=54408 DF PROTO=TCP SPT=3863 DPT=445 WINDOW=65535 RES=0x00 ACK URGP=0 Apr 8 11:19:17 rohan kernel: IN=eth0 OUT= MAC=00:09:6b:f1:49:1e:00:09:97:5...

I can see, that theres a program that keeps sending packets on port 25: Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0...

...ll through to the default CATCH-ALL policy. Here are some iptables log messages notifying of the dropped packets: Dec 12 20:33:53 s1 kernel: DROP -- Catch All: IN= OUT=bond0 SRC=192.168.1.1 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=11211 DPT=47567 WINDOW=0 RES=0x00 RST URGP=0 Dec 12 20:33:59 s1 kernel: DROP -- Catch All: IN= OUT=bond0 SRC=192.168.1.1 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=11211 DPT=47771 WINDOW=0 RES=0x00 RST URGP=0 Dec 12 20:34:00 s1 kernel: DROP -- Catch All: IN= OUT=bond0 SRC=192.168.1.1 DST=192.168.1.2 LEN=40 TOS=0x...

Hello, when I execute "shorewall hits" command I find this stats: HITS IP DATE ---- --------------- ------ 92099 192.168.0.2 Nov 24 7764 59.104.107.85 Nov 23 3997 192.168.1.77 Nov 24 337 181.50.93.89 Nov 23 331 59.104.156.68 Nov 23 315 99.109.157.73 Nov 23 301 190.225.157.40 Nov 23 275 179.153.183.53 Nov 23 268

Hi everybody! I''m very happy with shorewall, seems to safe my computer well, a little bit to well. But i''m sure it''s a mistake of mine: I can''t get edonkey working! They say that edonkey needs the following ports enabled: 4665 udp in / out 3665,4665,7665,8665 udp out 4661,4662,4666 tcp in thats what i wrote in the rules file: ACCEPT fw net

...RD -m mark --mark 2 -j LOG --log-prefix "FORWARD MARK : " The output from log is : Jun 8 14:18:46 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC= 203.91.83.127 DST=192.168.253.3 LEN=180 TOS=0x00 PREC=0x00 TTL=105 ID=18725 PROTO=TCP SPT=51674 DPT=4662 WINDOW=16944 RES=0x00 ACK PSH URGP=0 Jun 8 14:18:48 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT= MAC=00:06:4f:47:ad:e0:00:0f:3d:cc:29:e0:08:00 SRC=200.209.170.138 DST= 192.168.254.3 LEN=139 TOS=0x00 PREC=0x00 TTL=115 ID=18002 DF PROTO=TCP SPT=1476 DPT=4662 WINDOW=65535 RES=0x00 ACK PSH URGP=0 Jun 8 14:18:48 fs-linux kernel: FO...

...logs with the above configuration. Traffic appears to be going out Oct 22 14:24:35 YYZUNIX kernel: [1832699.820268] Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230 DST=74.125.142.108 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=1218 DF PROTO=TCP SPT=59275 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0 Oct 22 14:24:35 YYZUNIX kernel: [1832699.820280] Shorewall:l2tp2net:ACCEPT:IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.230 DST=74.125.142.108 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=6067 DF PROTO=TCP SPT=59277 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0 Oct 22 14:24:35 YYZUNIX kernel: [1832699.820292] Shorewa...

...0x03 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x16/0x02 Nov 29 18:41:32 net2all:DROP:IN=eth0 OUT= SRC=202.159.251.31 DST=202.159.16.150 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=13106 DF PROTO=TCP SPT=4754 DPT=1025 WINDOW=3216 RES=0x00 SYN URGP=0 Nov 29 18:41:35 net2all:DROP:IN=eth0 OUT= SRC=202.159.251.31 DST=202.159.16.150 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=13180 DF PROTO=TCP SPT=4754 DPT=1025 WINDOW=3216 RES=0x00 SYN URGP=0 Nov 29 18:41:41 net2all:DROP:IN=eth0 OUT= SRC=202.159.251.31 DST=202.159.16.150 LEN=52 TOS=0x00 PREC=0x00 TTL...

...14:55:27 router kernel: Attached scsi generic sg1 at scsi0, channel 0, id 6, lun 0, type 3 Aug 25 14:55:31 router kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC= SRC=192.168.0.250 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=34730 DF PROTO=TCP SPT=1772 DPT=2894 WINDOW=16960 RES=0x00 SYN URGP=0 Aug 25 14:55:32 router kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC= SRC=192.168.0.250 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=34764 DF PROTO=TCP SPT=1772 DPT=2894 WINDOW=16960 RES=0x00 SYN URGP=0 Aug 25 14:55:32 router kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC= SRC=192....

...: .100 is the member IP: .1 and .2 are DC1 and DC2.   The Log part. # The request out to DC2. Dec  4 14:52:05 kernel: [969364.260134] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=419 TOS=0x00 PREC=0x00 TTL=64 ID=19101 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 ACK PSH URGP=0 Dec  4 14:52:05 kernel: [969364.260257] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19102 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 ACK FIN URGP=0   ## DC2 gets invalid and blocked. Dec  4 14:52:05 kernel: [969364.260373] [UFW AUDIT INV...

...gging/tcpdump from an attempt to connect to port 25 on a remote server: Apr 9 21:55:47 eos mangle/PREROUTING:IN=eth0 OUT= MAC=00:40:f4:6b:6c:c1:00:01:02:1c:6f:29:08:00 SRC=192.168.1.20 DST=3.3.3.228 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=41341 DF PROTO=TCP SPT=53218 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Apr 9 21:55:47 eos mangle/MARK6:IN=eth0 OUT= MAC=00:40:f4:6b:6c:c1:00:01:02:1c:6f:29:08:00 SRC=192.168.1.20 DST=3.3.3.228 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=41341 DF PROTO=TCP SPT=53218 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Apr 9 21:55:47 eos nat/PREROUTING:IN=eth0 OUT= MAC=00:40:f4:6b:6c...