> >output DENY ipsec0 PROTO=1 172.35.55.8:8 192.168.0.1:0 L=84 S=0x00 I=6966 > >F=0x0000 T=64 (#28) > > > >I found that port 8 is just a unassigned port and port 0 is a reserved > port. > >Does anyone out there have seen this error before. > > I don't know what firewall produced that log record (it would be better if > folks identified the systems involved), but it is surely referring to > protocol 1 (ICMP), type 8 (echo). (ICMP does not use ports.) > To answer the question, that's Linux ipchains syslog output. I agree that this information should be supplied by the original poster. The above reads like this: * the 'output' chain (which is one of the three predefined ones) caused this log entry, * a packet was denied * on interface ipsec0 * with protocol 1 (ICMP) * The source address was 172.35.55.8, * the ICMP type was 8, * the destination address was 192.168.0.1, * the ICMP code was 0, * the IP packet length was 84 bytes, * the TOS (type of service) field was 0x00, * the IP ID was 6966, * the fragment field read 0x0000, * the TTL was 64. * Rule number 28 caused this log entry. Note that the numbers following the source and destination addresses mean source and destination ports respectively when protocols TCP (6) and UDP (17) are referenced, ICMP type and code respectively for ICMP. Tobias - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
