I don't really have a problem, I just noticed a lot of those blocked requests in my packet filter log and don't quite understand what's happening.
I thought port 80 was covered by the proxy and will automatically be allowed because of that. Why does it show up in the packet filter as "blocked"?
Some examples:
09:54:14 Default DROP TCP 10.x.x.x : 4063
→ 74.125.77.121 : 80
[ACK FIN] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
09:54:14 Default DROP TCP 10.x.x.x : 1622
→ 80.67.30.1 : 80
[ACK RST] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
09:54:14 Default DROP TCP 10.x.x.x : 4066
→ 85.214.26.53 : 80
[ACK FIN] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
09:54:14 Default DROP TCP 10.x.x.x : 4068
→ 74.125.77.121 : 80
[ACK FIN] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
09:54:15 Default DROP TCP 10.x.x.x : 4067
→ 80.237.210.53 : 80
[ACK FIN] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
09:54:15 Default DROP TCP 10.x.x.x : 4071
→ 72.5.124.56 : 80
[ACK FIN] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
09:57:32 Default DROP TCP 10.x.x.x : 4506
→ 212.162.52.136 : 80
[ACK RST] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
09:57:32 Default DROP TCP 10.x.x.x : 4505
→ 62.112.149.73 : 80
[ACK RST] len=40 ttl=127 tos=0x00 srcmac=00:1a:8c:x:x:x dstmac=00:1a:8c:x:x:x
While posting this I noticed the mac adresses originating from the astaro itself... src and dst are just 2 different astaro interfaces. I don't get it. Any ideas what could cause stuff like that?
This thread was automatically locked due to age.
