In reviewing my laptop log watch I noticed this entry: --------------------- iptables firewall Begin ------------------------
Listed by source hosts: Logged 1009 packets on interface eth0 From 63.217.156.81 - 831 packets to tcp(32786,32787,32788,32857,32858,32894,32895,32896,33193,33194,33200,33201,33202,33525,33526,34755,34756,34811,34812,34813,35372,35373,35617,35618,35619,35711,35712,35713,36230,36231,36232,36477,36478,36479,36779,36780,37253,37254,37255,37349,37350,37351,37765,37766,38588,38589,38590,38693,38694,38695,38746,38747,38748,38961,38962,39297,39298,39441,39442,39443,39814,39815,40671,40672,40673,41173,41174,41283,41284,41498,41499,41500,41818,41819,41820,42025,42026,42509,42510,42511,43198,43199,43200,43273,43274,43277,43418,43419,43420,43755,43756,44013,44014,44015,44203,44204,44402,44403,45061,45062,45160,45161,45991,45992,46106,46107,46108,46109,46140,46141,46243,46244,46245,46253,46254,46255,47736,47737,47738,48258,48259,48260,48330,48331,48899,48900,49142,49143,49883,49884,50165,50166,50167,50985,50986,51095,51096,51097,51353,51354,52483,52484,52485,53038,53668,53669,53670,53711,53712,53926,53927,54113,54114,54115,54183,54184,54185,54361 ,54362,54363,54796,54797,54798,55070,55071,55331,55333,55334,55445,55446,55447,55704,55705,55706,55735,55736,55737,56088,56089,56295,56296,56345,56346,56347,56640,56641,56642,57327,57328,57709,57710,57711,57818,57819,58247,58248,58249,58274,58275,58355,58356,58357,58735,58736,59122,59123,59366,59367,59368,59448,59449,59630,59631,59951,59953,59954,59995,59996,60207,60208,60253,60254,60255,60544,60545,60563,60564,60835,60836,60837,60891,60892) From 173.194.34.104 - 146 packets to tcp(33370,35014,36873,37467,38486,39229,39515,39748,40666,41234,41640,42183,42186,43815,44709,45485,45535,46533,46642,46964,47498,47933,48000,48152,48658,49088,49109,49679,49744,49817,51190,51637,52506,54398,54672,54975,55209,55869,56591,56627,56937,57121,57174,57557,57715,58139,58306,60803) ---------------------- iptables firewall End ------------------------- My laptop is running Ubuntu 10.4 and sits behind an openWRT Linksys router running NAT. So the blocked packets had to be coming from computers where the laptop had instigated the connection. netstat shows these entries for those IP addresses: netstat -naepWv | egrep '173.194.34.104|63.217.156.81' tcp 0 0 192.168.0.2:50329 63.217.156.81:80 ESTABLISHED 1000 502166 3559/clock-applet tcp 0 0 192.168.0.2:50331 63.217.156.81:80 ESTABLISHED 1000 502498 3559/clock-applet tcp 1 0 192.168.0.2:48662 63.217.156.81:80 CLOSE_WAIT 1000 506060 3561/gweather-apple tcp 0 0 192.168.0.2:50330 63.217.156.81:80 ESTABLISHED 1000 502461 3559/clock-applet tcp 1 0 192.168.0.2:40670 173.194.34.104:443 CLOSE_WAIT 1000 502729 3742/evolution-data tcp 1 0 192.168.0.2:48663 63.217.156.81:80 CLOSE_WAIT 1000 506061 3561/gweather-apple So the 63.217.156.81 entries appear to be related to the clock-applet and weather-applet. The evolution-data may be calendar related. I'll need to investigate further. The firewall log first started reporting these blocked connections on Nov 11. Comparing the blocked port numbers in the firewall log to the port numbers in use from netstat, I can believe that this could be an artifact of a bug where the connections are closed improperly. There was a kernel update on Nov 11 along with some other packages that I do not think are connected to the clock/weather applets. Evolution was also updated. So why did I send this email? I'm looking for advice as to what I should do next. Should I be filing a bug report? Which app? Is it the kernel? What other info should be in a bug report? Are others seeing entries like this in their firewall logs? Thanks for your thoughts. -- Lloyd Kvam Venix Corp DLSLUG/GNHLUG library http://dlslug.org/library.html http://www.librarything.com/catalog/dlslug http://www.librarything.com/catalog/dlslug&sort=stamp http://www.librarything.com/rss/recent/dlslug _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/