[Firehol-support] Strange problem...

Sim simvirus at gmail.com
Wed Dec 17 08:12:10 GMT 2008


Hi Costa, thanks for your support and your product!
It is really essential for my life! :-)

>>
>> Why "PASS-unknown"  ?
>>
>
> Routers in firehol have the default policy RETURN. For this reason, firehol
> cannot know to which router a packet that did not match was supposed to
> belong. So for all routed traffic, firehol reports 'PASS-unknown'.
>
>

And in this case?


Dec 17 08:54:48 lan kernel: [583093.117359] 'PASS-unknown:'IN=eth1
OUT=ppp0 SRC=192.168.0.200 DST=216.218.211.34 LEN=40 TOS=0x00
PREC=0x00 TTL=127 ID=3433 DF PROTO=TCP SPT=14321 DPT=80 WINDOW=64859
RES=0x00 ACK FIN URGP=0
Dec 17 08:55:23 lan kernel: [583128.285620] 'PASS-unknown:'IN=eth1
OUT=ppp0 SRC=192.168.0.200 DST=216.218.211.34 LEN=40 TOS=0x00
PREC=0x00 TTL=127 ID=3578 DF PROTO=TCP SPT=14321 DPT=80 WINDOW=64859
RES=0x00 ACK FIN URGP=0
Dec 17 09:01:11 lan kernel: [583475.518155] 'PASS-unknown:'IN=eth1
OUT=ppp0 SRC=192.168.0.67 DST=66.249.91.104 LEN=40 TOS=0x00 PREC=0x00
TTL=127 ID=788 DF PROTO=TCP SPT=49200 DPT=80 WINDOW=16445 RES=0x00 ACK
FIN URGP=0
Dec 17 09:01:11 lan kernel: [583476.117360] 'PASS-unknown:'IN=eth1
OUT=ppp0 SRC=192.168.0.67 DST=66.249.91.104 LEN=40 TOS=0x00 PREC=0x00
TTL=127 ID=789 DF PROTO=TCP SPT=49200 DPT=80 WINDOW=16445 RES=0x00 ACK
FIN URGP=0

Why is it matched and filtered?

This is the config with "router section"

=======
router ext2www inface eth1 outface ppp+ src "192.168.0.0/24"

       route all accept
=======

It appears only occasionally with some clients and destinations
(including Google destination).

Thanks again

Regards

---
Sim
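
A small parser for the kernel log entries quoted in the message above, added here as an example; it is not part of the original post or of FireHOL. It groups `PASS-unknown` entries by flow and TCP flags so that what the logged packets have in common is visible at a glance. The function names are hypothetical, and the sample lines are taken from the post with the mail wrapping undone.

```python
import re
from collections import Counter

# Entries copied from the post above, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
Dec 17 08:54:48 lan kernel: [583093.117359] 'PASS-unknown:'IN=eth1 OUT=ppp0 SRC=192.168.0.200 DST=216.218.211.34 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3433 DF PROTO=TCP SPT=14321 DPT=80 WINDOW=64859 RES=0x00 ACK FIN URGP=0
Dec 17 08:55:23 lan kernel: [583128.285620] 'PASS-unknown:'IN=eth1 OUT=ppp0 SRC=192.168.0.200 DST=216.218.211.34 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3578 DF PROTO=TCP SPT=14321 DPT=80 WINDOW=64859 RES=0x00 ACK FIN URGP=0
Dec 17 09:01:11 lan kernel: [583475.518155] 'PASS-unknown:'IN=eth1 OUT=ppp0 SRC=192.168.0.67 DST=66.249.91.104 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=788 DF PROTO=TCP SPT=49200 DPT=80 WINDOW=16445 RES=0x00 ACK FIN URGP=0
"""

PREFIX_RE = re.compile(r"'([^':]+):?'")      # the quoted log prefix, e.g. 'PASS-unknown:'
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value fields (value may be empty)
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")


def parse_entry(line):
    """Return a dict for one netfilter LOG line, or None if it has no quoted prefix."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rest = line[m.end():]
    entry = {"prefix": m.group(1)}
    entry.update(FIELD_RE.findall(rest))
    # TCP flags are bare tokens; URGP=0 is a KEY=value field and DF is an IP flag.
    entry["flags"] = tuple(t for t in rest.split() if t in TCP_FLAGS)
    return entry


def summarise(log_text, prefix="PASS-unknown"):
    """Count logged TCP packets per (flow, TCP flags) for the given log prefix."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and e["prefix"] == prefix and e.get("PROTO") == "TCP":
            flow = (e["SRC"], e["SPT"], e["DST"], e["DPT"])
            counts[(flow, e["flags"])] += 1
    return counts


if __name__ == "__main__":
    for (flow, flags), n in summarise(SAMPLE_LOG).items():
        print("%s:%s -> %s:%s" % flow, "+".join(flags), "x%d" % n)
```

On the sample, every logged entry carries the flag combination ACK FIN, and the first flow is logged twice with the same port pair.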



