I have a bizarre problem that I am having trouble fixing. I have a home firewall running kernel 2.2.20 with ipchains. For some odd reason, the firewall blocks about 5% of the websites I try to go to. I turned on logging for my HTTP ipchains rules and nothing out of the ordinary seems to be happening. Here is the http portion of my rules:
    # Allow HTTP access to remote web sites
    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $ANYWHERE 80 -j ACCEPT

    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $ANYWHERE 80 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    # Allow HTTPS access to remote secure web sites
    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $ANYWHERE 443 -j ACCEPT

    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $ANYWHERE 443 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

And here is how those variables are defined:

    IPADDR="66.222.30.128"
    EXTERNAL_INTERFACE="eth0"
    ANYWHERE="any/0"
    UNPRIVPORTS="1024:65535"

Furthermore, here is a sample log from a successful attempt to access www.weather.com:

    Feb 22 17:08:54 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62543 63.111.66.11:80 L=48 S=0x00 I=64715 F=0x4000 T=127 SYN (#38)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=48 S=0x00 I=0 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62543 63.111.66.11:80 L=40 S=0x00 I=64971 F=0x4000 T=127 (#38)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62543 63.111.66.11:80 L=454 S=0x00 I=65227 F=0x4000 T=127 (#38)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=40 S=0x00 I=7564 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I=7565 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I=7566 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62543 63.111.66.11:80 L=40 S=0x00 I=65483 F=0x4000 T=127 (#38)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I=7567 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I=7568 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62543 63.111.66.11:80 L=40 S=0x00 I=204 F=0x4000 T=127 (#38)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I=7569 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I=7570 F=0x4000 T=51 (#89)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62543 63.111.66.11:80 L=40 S=0x00 I=460 F=0x4000 T=127 (#38)
    Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I

And then, here is a sample log from a failed attempt to access www.wunderground.com:

    Feb 22 17:20:53 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62556 66.28.69.136:80 L=48 S=0x00 I=20688 F=0x4000 T=127 SYN (#38)
    Feb 22 17:20:56 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62556 66.28.69.136:80 L=48 S=0x00 I=21200 F=0x4000 T=127 SYN (#38)
    Feb 22 17:20:56 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=62780 F=0x4000 T=51 (#26)
    Feb 22 17:20:59 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=62945 F=0x4000 T=51 (#26)
    Feb 22 17:21:02 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62556 66.28.69.136:80 L=48 S=0x00 I=22224 F=0x4000 T=127 SYN (#38)
    Feb 22 17:21:02 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=63256 F=0x4000 T=51 (#26)
    Feb 22 17:21:06 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=63768 F=0x4000 T=51 (#26)
    Feb 22 17:21:14 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62556 66.28.69.136:80 L=48 S=0x00 I=24272 F=0x4000 T=127 SYN (#38)
    Feb 22 17:21:14 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=64417 F=0x4000 T=51 (#26)
    Feb 22 17:21:18 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=64777 F=0x4000 T=51 (#26)
    Feb 22 17:21:38 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62557 66.28.69.136:80 L=48 S=0x00 I=30672 F=0x4000 T=127 SYN (#38)
    Feb 22 17:21:38 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62557 L=44 S=0x00 I=60585 F=0x0000 T=51 (#26)
    Feb 22 17:21:41 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62557 66.28.69.136:80 L=48 S=0x00 I=31184 F=0x4000 T=127 SYN (#38)
    Feb 22 17:21:41 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62557 L=44 S=0x00 I=60672 F=0x0000 T=51 (#26)
    Feb 22 17:21:43 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=1620 F=0x4000 T=51 (#26)

Can anyone help me pinpoint my problem? I am really scratching my head on this one.

Thanks!

Bryan Walton
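
An added example, not part of the original post: a Python sketch that parses ipchains "Packet log:" lines like those above and reports which input-chain rule number denied replies to connections the output chain had already accepted. The regex and the names `parse`, `denied_replies` and `SAMPLE` are the example's own assumptions.

```python
import re
from collections import Counter

# ipchains (kernel 2.2) log line: chain, verdict, interface, protocol,
# source, destination, header fields, optional SYN marker, rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+) (?P<dst>\S+) "
    r"L=\d+ S=\S+ I=\d+ F=\S+ T=\d+(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

def parse(lines):
    """Yield a dict per well-formed log line; truncated lines are skipped."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["syn"] = rec["syn"] is not None
            rec["rule"] = int(rec["rule"])
            yield rec

def denied_replies(lines):
    """Count input DENYs that answer a SYN the output chain accepted.

    Returns a Counter keyed by (remote endpoint, input rule number).
    """
    opened = set()  # (local, remote) pairs with an accepted outbound SYN
    hits = Counter()
    for p in parse(lines):
        if p["chain"] == "output" and p["verdict"] == "ACCEPT" and p["syn"]:
            opened.add((p["src"], p["dst"]))
        elif p["chain"] == "input" and p["verdict"] == "DENY":
            if (p["dst"], p["src"]) in opened:
                hits[(p["src"], p["rule"])] += 1
    return hits

# Lines taken from the post's logs (wrapped I= values rejoined); the last
# one is the truncated entry, kept to show that it is skipped.
SAMPLE = """\
Feb 22 17:08:54 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62543 63.111.66.11:80 L=48 S=0x00 I=64715 F=0x4000 T=127 SYN (#38)
Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=48 S=0x00 I=0 F=0x4000 T=51 (#89)
Feb 22 17:20:53 cortafuegos kernel: Packet log: output ACCEPT eth0 PROTO=6 66.222.30.128:62556 66.28.69.136:80 L=48 S=0x00 I=20688 F=0x4000 T=127 SYN (#38)
Feb 22 17:20:56 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=62780 F=0x4000 T=51 (#26)
Feb 22 17:20:59 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=62945 F=0x4000 T=51 (#26)
Feb 22 17:08:54 cortafuegos kernel: Packet log: input ACCEPT eth0 PROTO=6 63.111.66.11:80 66.222.30.128:62543 L=1500 S=0x00 I
""".splitlines()

if __name__ == "__main__":
    for (remote, rule), n in denied_replies(SAMPLE).items():
        print(f"{remote}: {n} replies denied by input rule #{rule}")
```

On these lines the accepted replies match input rule #89, while the denied ones are caught earlier in the chain by input rule #26, which is not among the HTTP rules quoted in the post.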