[Firehol-support] Lots of INVALID OUT ... ACK RST errors?

Rich forums at artfulrobot.uk
Tue Mar 24 12:48:45 GMT 2015


 

Hello again, 

I've firewalled a machine that runs the Dropbox daemon, which needs to
access internet servers over https. 

I have this pertinent bit of config: 

interface4 eth1 interweb src not "${UNROUTABLE_IPS}" dst "$MY_IPS"
 policy drop
 protection strong
 client all accept

I'm getting lots of these: 

INVALID OUT:IN= OUT=eth1 SRC=10.67.5.1 DST=108.160.166.61 LEN=52
TOS=0x00 PREC=0x00 TTL=64 ID=33439 DF PROTO=TCP SPT=38350 DPT=443
WINDOW=1813 RES=0x00 ACK RST URGP=0

I'm running from d614fd7558. 10.67.5.1 is the server's LAN IP (listed in
$MY_IPS), the other IP belongs to Dropbox. This is the only service that
the server regularly accesses as a client, so I doubt this is specific
to the Dropbox servers. The other config mostly covers other firehol
interfaces; there's a tun0 interface and routing is accepted both ways
between this and eth1. Other than that the only other line is a snat one
limited to traffic being sent to the local LAN, so this would not apply
to the sort of packets I'm seeing errors about.

Any advice gratefully appreciated,

Rich
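
One way to triage log lines like the one quoted above, as an added example that is not part of the original post: it parses the LOG fields and counts the logged packets per destination, port and TCP flag set. The first sample line is the one from the post; the other lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Flag names that the netfilter LOG target prints as bare words.
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
KV = re.compile(r"(\w+)=(\S*)")
SYSLOG_HEADER = re.compile(r"^.*kernel: (\[[^\]]*\] )?")

def parse_log_line(line):
    """Split a LOG line into prefix, KEY=value fields and TCP flags."""
    prefix, sep, rest = line.partition(":IN=")
    if not sep:
        return None  # not a packet log line
    fields = dict(KV.findall("IN=" + rest))
    # Drop a syslog header if present, leaving only the log prefix.
    fields["PREFIX"] = SYSLOG_HEADER.sub("", prefix).strip()
    tokens = rest.split()
    fields["FLAGS"] = tuple(f for f in TCP_FLAGS if f in tokens)
    return fields

def summarize(lines, prefix="INVALID OUT"):
    """Count TCP packets logged under `prefix` by (DST, DPT, flags)."""
    counts = Counter()
    for line in lines:
        pkt = parse_log_line(line)
        if not pkt or pkt["PREFIX"] != prefix or pkt.get("PROTO") != "TCP":
            continue
        key = (pkt["DST"], int(pkt["DPT"]), "+".join(pkt["FLAGS"]))
        counts[key] += 1
    return counts

SAMPLE = [
    # From the post, rejoined onto one line.
    "INVALID OUT:IN= OUT=eth1 SRC=10.67.5.1 DST=108.160.166.61 LEN=52 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=33439 DF PROTO=TCP SPT=38350 DPT=443 "
    "WINDOW=1813 RES=0x00 ACK RST URGP=0",
    # Constructed: same flow shape, with a syslog header in front.
    "Mar 24 12:40:01 host kernel: [12345.678] INVALID OUT:IN= OUT=eth1 "
    "SRC=10.67.5.1 DST=108.160.166.61 LEN=52 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=1001 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=229 RES=0x00 ACK RST URGP=0",
    # Constructed: documentation address, different flag set.
    "INVALID OUT:IN= OUT=eth1 SRC=10.67.5.1 DST=192.0.2.10 LEN=52 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=1002 DF PROTO=TCP SPT=40002 DPT=443 "
    "WINDOW=229 RES=0x00 ACK FIN URGP=0",
    "an unrelated syslog line",  # constructed: ignored by the parser
]

if __name__ == "__main__":
    for (dst, dport, flags), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {dst}:{dport}  {flags}")
```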

 

