[pfSense Support] Understand log entry
Can anyone tell me what this log entry means?

Sep 15 20:36:16 pf: 594200 rule 65/0(match): block in on dc2: MyIPwasHere.1284 > 209.86.93.236.25: FP 0:6(6) ack 1 win 16954

I have replaced my IP with "MyIPwasHere"...

It looks to me like a packet going out from my server (MyIPwasHere) on the dc2 interface (my DMZ interface) to 209.86.93.236 on port 25 was blocked by pfSense.

Is this all correct? If so, I am not sure why, because I have a rule set up to specifically allow this. In fact, if the rule wasn't working I would have serious phone calls at this point because customers wouldn't be getting their mail.

I don't see a ton of these, but I do see enough to make me wonder why things are being rejected on port 25 out from my DMZ on occasion.

Thanks in advance for any help.

Todd

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Understand log entry
Looks like a packet from MyIPWasHere destined for 209.86.93.236 port 25 with the flags FIN/PSH/ACK set was blocked. This happens frequently for traffic that is out of state - most commonly because it's a delayed packet. There are other reasons, but it usually has something to do with timing of the packet involved.

--Bill

On 9/15/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> Can anyone tell me what this log entry means?
>
> Sep 15 20:36:16 pf: 594200 rule 65/0(match): block in on dc2: MyIPwasHere.1284 > 209.86.93.236.25: FP 0:6(6) ack 1 win 16954
>
> I have replaced my IP with "MyIPwasHere"...
>
> It looks to me like a packet going out from my server (MyIPwasHere) on the dc2 interface (my DMZ interface) to 209.86.93.236 on port 25 was blocked by pfSense.
>
> Is this all correct? If so, I am not sure why, because I have a rule set up to specifically allow this. In fact, if the rule wasn't working I would have serious phone calls at this point because customers wouldn't be getting their mail.
>
> I don't see a ton of these, but I do see enough to make me wonder why things are being rejected on port 25 out from my DMZ on occasion.
>
> Thanks in advance for any help.
>
> Todd

Re: [pfSense Support] Understand log entry
So, if I am reading you right, this is something I should mostly ignore and not worry about too much?

Oh, and if I haven't said it yet: thanks to all those involved in this project, it's a GREAT piece of software!

Regards,
Todd

----- Original Message -----
From: Bill Marquette
To: support@pfsense.com
Sent: Thursday, September 15, 2005 9:30 PM
Subject: Re: [pfSense Support] Understand log entry

Looks like a packet from MyIPWasHere destined for 209.86.93.236 port 25 with the flags FIN/PSH/ACK set was blocked. This happens frequently for traffic that is out of state - most commonly because it's a delayed packet. There are other reasons, but it usually has something to do with timing of the packet involved.

--Bill

Re: [pfSense Support] Understand log entry
On 9/15/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> So, if I am reading you right, this is something I should mostly ignore and not worry about too much?

Mostly, don't worry about it too much. I'd keep an eye on them as it's possible it's part of a stealth scan. But I wouldn't put too much weight in them if it's just onesy-twosy type stuff.

--Bill
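
Added example, not part of the original thread: a Python triage of pf log lines in the format quoted above. It decodes the TCP flags and separates an occasional out-of-state stray from a source whose blocked non-SYN packets hit many distinct destination ports. All sample lines except the first are constructed, and the threshold of 10 distinct targets is an assumption to tune.

```python
import re
from collections import defaultdict

# pf log entry in the old tcpdump text format quoted in the thread.
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<iface>\w+): (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>[SFPRU.]+) (?P<rest>.*)$"
)
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG"}

def parse(line):
    """Return the fields of one log line, with TCP flags spelled out."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    flags = [FLAG_NAMES[c] for c in rec["flags"] if c in FLAG_NAMES]
    if re.search(r"\back \d+", rec["rest"]):
        flags.append("ACK")  # this format prints ACK as "ack N", not a letter
    rec["flags"] = flags
    return rec

def triage(lines, target_threshold=10):
    """Classify sources of blocked non-SYN packets by distinct targets hit."""
    targets = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] == "block" and "SYN" not in rec["flags"]:
            targets[rec["src"]].add((rec["dst"], rec["dport"]))
    return {src: "scan-like" if len(t) >= target_threshold else "stray"
            for src, t in targets.items()}

# First line is the entry from the thread; the rest are constructed samples
# using documentation addresses (one source sending bare FINs to 12 ports).
SAMPLE = [
    "Sep 15 20:36:16 pf: 594200 rule 65/0(match): block in on dc2: "
    "MyIPwasHere.1284 > 209.86.93.236.25: FP 0:6(6) ack 1 win 16954",
] + [
    f"Sep 15 20:40:{i:02d} pf: 000100 rule 65/0(match): block in on dc0: "
    f"198.51.100.7.40000 > 192.0.2.10.{20 + i}: F 0:0(0) win 1024"
    for i in range(12)
]

if __name__ == "__main__":
    print(parse(SAMPLE[0])["flags"])
    for src, verdict in triage(SAMPLE).items():
        print(src, verdict)
```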