[Firehol-support] Followup: FireHOL, OpenVPN bridge and routing

Tsolakos Stavros stsolakos at gmail.com
Sun Feb 22 21:03:38 GMT 2009


Hi again.

I had messed up some permissions and the user "syslog" could not write
to syslog. Here are the messages I get when I am trying to connect to
the DSL router's administrative page (192.168.200.1) from a VPN
connected client with IP=192.168.200.202. "vitrina" is the name of the
machine firehol runs on:

Feb 22 22:58:58 vitrina kernel: [ 1244.956942] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.168.200.202 DST=192.168.200.1
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50621 DF PROTO=TCP SPT=50266 DPT=80
WINDOW=5840 RES=0x00 SYN URGP=0
Feb 22 22:59:01 vitrina kernel: [ 1247.954931] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.168.200.202 DST=192.168.200.1
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50622 DF PROTO=TCP SPT=50266 DPT=80
WINDOW=5840 RES=0x00 SYN URGP=0
Feb 22 22:59:05 vitrina kernel: [ 1252.505314] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=342 TOS=0x00 PREC=0x00 TTL=4 ID=40149 PROTO=UDP SPT=1900 DPT=1900
LEN=322
Feb 22 22:59:05 vitrina kernel: [ 1252.505602] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=40150 PROTO=UDP SPT=1900 DPT=1900
LEN=324
Feb 22 22:59:05 vitrina kernel: [ 1252.505881] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=40151 PROTO=UDP SPT=1900 DPT=1900
LEN=334
Feb 22 22:59:05 vitrina kernel: [ 1252.506167] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=348 TOS=0x00 PREC=0x00 TTL=4 ID=40152 PROTO=UDP SPT=1900 DPT=1900
LEN=328
Feb 22 22:59:05 vitrina kernel: [ 1252.506427] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=289 TOS=0x00 PREC=0x00 TTL=4 ID=40153 PROTO=UDP SPT=1900 DPT=1900
LEN=269
Feb 22 22:59:06 vitrina kernel: [ 1253.514597] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=342 TOS=0x00 PREC=0x00 TTL=4 ID=40161 PROTO=UDP SPT=1900 DPT=1900
LEN=322
Feb 22 22:59:07 vitrina kernel: [ 1254.523877] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=342 TOS=0x00 PREC=0x00 TTL=4 ID=40173 PROTO=UDP SPT=1900 DPT=1900
LEN=322

I don't understand why they are rejected. Perhaps something that has to
do with PHYSIN/PHYSOUT?

Thanks again.

Stavros
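
One way to read the log above, added here as an example and not part of the original post: the Python below rejoins the wrapped kernel lines, parses their fields, counts packets per PHYSIN/PHYSOUT bridge path and lists TCP SYNs that were sent again on the same connection. The function names are assumptions of this example; the sample input is three entries copied from the post.

```python
import re
from collections import Counter

# Three entries copied from the log in the post above, mail wrapping kept.
SAMPLE = """\
Feb 22 22:58:58 vitrina kernel: [ 1244.956942] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.168.200.202 DST=192.168.200.1
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50621 DF PROTO=TCP SPT=50266 DPT=80
WINDOW=5840 RES=0x00 SYN URGP=0
Feb 22 22:59:01 vitrina kernel: [ 1247.954931] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.168.200.202 DST=192.168.200.1
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50622 DF PROTO=TCP SPT=50266 DPT=80
WINDOW=5840 RES=0x00 SYN URGP=0
Feb 22 22:59:05 vitrina kernel: [ 1252.505314] 'PASS-unknown:'IN=br0
OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=192.168.200.1 DST=239.255.255.250
LEN=342 TOS=0x00 PREC=0x00 TTL=4 ID=40149 PROTO=UDP SPT=1900 DPT=1900
LEN=322
"""
START = r"\w{3} [ \d]\d [\d:]{8} "  # syslog timestamp that opens every entry
HEADER = re.compile(rf"^({START})\S+ kernel: \[\s*([\d.]+)\] '([^']*)'")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}

def unwrap(text):
    # A newline not followed by a syslog timestamp is mail wrapping: join it.
    return re.sub(rf"\n(?!{START})", " ", text).splitlines()

def parse(entry):
    m = HEADER.match(entry)
    rec = {"ts": m[1].strip(), "uptime": float(m[2]), "prefix": m[3].rstrip(":"), "flags": set()}
    for tok in entry[m.end():].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec.setdefault(key, val)  # first LEN is the IP length, the second is UDP's
        elif tok in FLAGS:
            rec["flags"].add(tok)
    return rec

def summarise(text):
    recs = [parse(e) for e in unwrap(text)]
    # Packets per bridge path: which port they entered and left the bridge on.
    paths = Counter((r["PHYSIN"], r["PHYSOUT"], r["PROTO"], r["DPT"]) for r in recs)
    seen, retrans = set(), []
    for r in recs:
        if r["PROTO"] == "TCP" and "SYN" in r["flags"] and "ACK" not in r["flags"]:
            conn = (r["SRC"], r["SPT"], r["DST"], r["DPT"])
            if conn in seen:
                retrans.append(r)  # same 4-tuple again: client got no reply to its first SYN
            seen.add(conn)
    return recs, paths, retrans
```

On the sample, `summarise(SAMPLE)` reports two packets on the tap0 to eth0 path toward port 80, the second of them a retransmitted SYN, and one SSDP packet on the eth0 to tap0 path.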



