[Security Firewall] Re: MNF: LAN->WAN FTP acces problem

Hernan Castaneda Mon, 02 Aug 2004 14:51:48 -0700

Hi again,

I tried to connecto to three different ftp servers
(Symantec, planetmirror and even to slackware ftp)
then i went in to the messages file but I didn't find
any reference to IP traffic from/to the client I was
using. These are the messages that I got:


Aug  2 14:40:00 pharaon CROND[1883]: (root) CMD (  
/usr/share/msec/promisc_check.sh) 
Aug  2 14:40:00 pharaon CROND[1884]: (root) CMD (  
/usr/sbin/monitoring.pl) 
Aug  2 14:40:06 pharaon kernel: MSDOS FS: IO charset
iso8859-15
Aug  2 14:40:06 pharaon kernel: MSDOS FS: Using
codepage 850
Aug  2 14:41:00 pharaon CROND[1898]: (root) CMD (  
/usr/share/msec/promisc_check.sh) 
Aug  2 14:42:01 pharaon CROND[1920]: (root) CMD (  
/usr/share/msec/promisc_check.sh) 
Aug  2 14:43:00 pharaon CROND[1944]: (root) CMD (  
/usr/share/msec/promisc_check.sh) 
Aug  2 14:44:00 pharaon CROND[1948]: (root) CMD (  
/usr/share/msec/promisc_check.sh) 
Aug  2 14:45:00 pharaon CROND[1953]: (root) CMD (  
/usr/share/msec/promisc_check.sh) 
Aug  2 14:45:00 pharaon CROND[1954]: (root) CMD (  
/usr/sbin/monitoring.pl) 
Aug  2 14:45:45 pharaon kernel: MSDOS FS: IO charset
iso8859-15
Aug  2 14:45:45 pharaon kernel: MSDOS FS: Using
codepage 850

The only reference to dropped traffic that I found is
this (but this is after I did the tests and there
isn't any of the IPs of the ftp servers): 

Aug  2 15:01:08 pharaon kernel:
Shorewall:wan2all:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=68.116.132.163 DST=63.245.85.213 LEN=64 TOS=0x00
PREC=0x00 TTL=111 ID=5504 DF PROTO=TCP SPT=62399
DPT=27374 WINDOW=25200 RES=0x00 SYN URGP=0 
Aug  2 15:01:08 pharaon kernel:
Shorewall:wan2all:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=68.116.132.163 DST=63.245.85.213 LEN=64 TOS=0x00
PREC=0x00 TTL=111 ID=5516 DF PROTO=TCP SPT=62416
DPT=12345 WINDOW=25200 RES=0x00 SYN URGP=0 
Aug  2 15:01:10 pharaon kernel:
Shorewall:wan2all:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=68.116.132.163 DST=63.245.85.213 LEN=64 TOS=0x00
PREC=0x00 TTL=111 ID=5816 DF PROTO=TCP SPT=62770
DPT=27374 WINDOW=25200 RES=0x00 SYN URGP=0 
Aug  2 15:01:11 pharaon kernel:
Shorewall:wan2all:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=68.116.132.163 DST=63.245.85.213 LEN=64 TOS=0x00
PREC=0x00 TTL=111 ID=5918 DF PROTO=TCP SPT=62416
DPT=12345 WINDOW=25200 RES=0x00 SYN URGP=0 
Shorewall:rfc1918:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=222.75.66.76 DST=63.245.85.213 LEN=48 TOS=0x00
PREC=0x00 TTL=112 ID=1220 DF PROTO=TCP SPT=4354
DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0 
Aug  2 15:04:22 pharaon kernel:
Shorewall:rfc1918:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=222.75.66.76 DST=63.245.85.213 LEN=48 TOS=0x00
PREC=0x00 TTL=112 ID=1408 DF PROTO=TCP SPT=4354
DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0 
Aug  2 15:04:29 pharaon kernel:
Shorewall:rfc1918:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=222.75.66.76 DST=63.245.85.213 LEN=48 TOS=0x00
PREC=0x00 TTL=112 ID=1840 DF PROTO=TCP SPT=4354
DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0 
Aug  2 15:04:42 pharaon kernel:
Shorewall:rfc1918:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=222.75.66.76 DST=63.245.85.213 LEN=48 TOS=0x00
PREC=0x00 TTL=112 ID=2616 DF PROTO=TCP SPT=1051
DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0 
Aug  2 15:04:45 pharaon kernel:
Shorewall:rfc1918:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=222.75.66.76 DST=63.245.85.213 LEN=48 TOS=0x00
PREC=0x00 TTL=112 ID=2778 DF PROTO=TCP SPT=1051
DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0 
Aug  2 15:04:52 pharaon kernel:
Shorewall:rfc1918:DROP:IN=eth1 OUT=
MAC=00:04:ac:cb:58:4a:00:0f:24:49:a5:71:08:00
SRC=222.75.66.76 DST=63.245.85.213 LEN=48 TOS=0x00
PREC=0x00 TTL=112 ID=3278 DF PROTO=TCP SPT=1051
DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0 

Best Regards,
Hernan

=====
"Stay Free, find your own path, live with greatness
and pride.  Just stay beside the things that are
really eternal; otherwise keep flying..."

MORION ARBENET LUOSKRAD


                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

[Security Firewall] Re: MNF: LAN->WAN FTP acces problem

Reply via email to