HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Ovidiu 23rd March 2012 12:16

need some help with apf-firewall logs
 
I have got a couple of logs I can't "read" - can someone explain what the different fields mean?

i.e. I figured out some of them, i.e. DPT=destination port target, STP=source target port


Code:

Mar 23 08:42:33 h1870666 kernel: [161677.396086] ** SDROP ** IN= OUT=eth0 SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=39297 DF PROTO=TCP SPT=50979 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0

Code:

Mar 23 06:48:59 h1870666 kernel: [154862.760090] ** SDROP ** IN= OUT=eth0 SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=30135 DF PROTO=TCP SPT=48250 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0

Why is an outgoing connection from my own IP (85.214.229.212) being blocked? I am sure if I knew how to read that log line that would become clear to me.
Besides, why would my server connect to that remote IP?

I can post a summary of my apf config if it's needed to answer this question.

P.S. I have not set up filtering of outgoing connections in apf so the above log lines must not be based upon the static filtering but some reactive mechanism of apf.
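
Added example (not part of the original post and not APF's own code): a small Python parser that splits a log line like the ones quoted above into its log prefix, KEY=value fields and bare flag tokens, and derives the packet direction from IN=/OUT=. The function name `parse_netfilter_line` is hypothetical, and the code assumes the line follows the kernel's netfilter LOG layout, with everything between the kernel timestamp and `IN=` being the rule's log prefix.

```python
import re

# Constructed sample: the first log line quoted in the post, joined onto one line.
SAMPLE = ("Mar 23 08:42:33 h1870666 kernel: [161677.396086] ** SDROP ** IN= OUT=eth0 "
          "SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=39297 DF PROTO=TCP SPT=50979 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0")

IP_FLAGS = {"CE", "DF", "MF"}          # bare tokens printed after ID=
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
LINE_RE = re.compile(
    r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*(?P<body>\bIN=.*)$")

def parse_netfilter_line(line):
    """Split one netfilter LOG line into prefix, KEY=value fields and flags."""
    m = LINE_RE.search(line.strip())
    if m is None:
        raise ValueError("not a netfilter LOG line")
    fields, ip_flags, tcp_flags = {}, [], []
    for token in m.group("body").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        elif token in IP_FLAGS:
            ip_flags.append(token)
        elif token in TCP_FLAGS:
            tcp_flags.append(token)
    # IN= is the receiving interface, OUT= the sending one. An empty IN=
    # means the packet was generated on this host, not received by it.
    seen = (bool(fields.get("IN")), bool(fields.get("OUT")))
    direction = {(True, True): "forwarded", (False, True): "outbound",
                 (True, False): "inbound"}.get(seen, "unknown")
    port = lambda key: int(fields[key]) if key in fields else None
    return {
        "prefix": m.group("prefix"),       # text set by the logging rule
        "direction": direction,
        "proto": fields.get("PROTO"),
        "src": (fields.get("SRC"), port("SPT")),   # SPT = source port
        "dst": (fields.get("DST"), port("DPT")),   # DPT = destination port
        "ip_flags": ip_flags,              # DF = Don't Fragment
        "tcp_flags": tcp_flags,
        # SYN with ECE and CWR set is an ECN-setup SYN (RFC 3168).
        "ecn_setup_syn": {"SYN", "ECE", "CWR"} <= set(tcp_flags)
                         and "ACK" not in tcp_flags,
    }

if __name__ == "__main__":
    for key, value in parse_netfilter_line(SAMPLE).items():
        print(f"{key:14} {value}")
```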


All times are GMT +2.