And here is some tcpdump output from the box where vuurmuur is running.
tcpdump host 138.188.101.29 or host 192.168.2.5
Rgds
Richard
Am Mittwoch, den 15.06.2011, 20:54 +0200 schrieb Richard Ulrich:
> Hi Victor,
>
> > Is it a SYN packet? Can you give the packet details (wireshark/tcpdump)?
>
> Look like.. some output of tcpdump is attached.
>
>
> > It looks like 192.168.1.10 is the ipaddress of your "internet"
> > interface, suggesting it's behind a NAT router itself? Did you also
> > configure the router to forward the traffic?
> >
> > On first glance I see nothing strange about the ruleset, could you
> share
> > the output of "iptables -vnL"?
>
> Yes. That always worked, with the old router.
> ADSL router ----> Intermediary Router -----> Webserver
> It's the intermediary router, that I'm replacint right now.
>
> Also, I don't know if that has a signifficance, but in the vuurmuur
> logview, these lines with PORTFW always have "flags: ****S*" at the
> end.
>
> Rgds
> Richard
>
21:19:56.430689 IP 138.188.101.29.8391 > 192.168.2.5.www: Flags [S], seq
877554620, win 5840, options [mss 1408,sackOK,TS val 1559985998 ecr
0,nop,wscale 9], length 0
21:19:59.428813 IP 138.188.101.29.8391 > 192.168.2.5.www: Flags [S], seq
877554620, win 5840, options [mss 1408,sackOK,TS val 1559988998 ecr
0,nop,wscale 9], length 0
21:20:01.527777 IP rate-limited-proxy-72-14-199-73.google.com.49717 >
192.168.2.5.www: Flags [S], seq 1942365621, win 5840, options [mss
1408,sackOK,TS val 438580913 ecr 0,nop,wscale 6], length 0
21:20:04.517562 IP rate-limited-proxy-72-14-199-73.google.com.49717 >
192.168.2.5.www: Flags [S], seq 1942365621, win 5840, options [mss
1408,sackOK,TS val 438583913 ecr 0,nop,wscale 6], length 0
21:20:05.427835 IP 138.188.101.29.8391 > 192.168.2.5.www: Flags [S], seq
877554620, win 5840, options [mss 1408,sackOK,TS val 1559994998 ecr
0,nop,wscale 9], length 0
21:20:10.516635 IP rate-limited-proxy-72-14-199-73.google.com.49717 >
192.168.2.5.www: Flags [S], seq 1942365621, win 5840, options [mss
1408,sackOK,TS val 438589913 ecr 0,nop,wscale 6], length 0
21:20:15.777972 IP 138.188.101.29.54591 > 192.168.2.5.www: Flags [S], seq
904158907, win 5840, options [mss 1408,sackOK,TS val 1560005351 ecr
0,nop,wscale 9], length 0
21:20:17.425781 IP 138.188.101.29.8391 > 192.168.2.5.www: Flags [S], seq
877554620, win 5840, options [mss 1408,sackOK,TS val 1560006998 ecr
0,nop,wscale 9], length 0
21:20:18.778572 IP 138.188.101.29.54591 > 192.168.2.5.www: Flags [S], seq
904158907, win 5840, options [mss 1408,sackOK,TS val 1560008351 ecr
0,nop,wscale 9], length 0
21:20:22.514542 IP rate-limited-proxy-72-14-199-73.google.com.49717 >
192.168.2.5.www: Flags [S], seq 1942365621, win 5840, options [mss
1408,sackOK,TS val 438601913 ecr 0,nop,wscale 6], length 0
21:20:24.777690 IP 138.188.101.29.54591 > 192.168.2.5.www: Flags [S], seq
904158907, win 5840, options [mss 1408,sackOK,TS val 1560014352 ecr
0,nop,wscale 9], length 0
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
