Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 1087 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop only windows!

dk-jek
This post is mayby placed in a wrong area, so I've moved it to - I hope! - the right one....


My Firewall is dumping af lot of packets, but only when I'm coming from an windows based client...sitting om the same network/router with my EEE everything is OK...

Here is whar I'm seeing on live log:

15:39:38  Default DROP  TCP 
93.174.93.222  :  40473
→ 
193.162.239.226  :  80

[ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
15:39:39  Default DROP  TCP 
93.174.93.222  :  40473
→ 
193.162.239.226  :  80

[ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
15:39:40  Default DROP  TCP 
93.174.93.222  :  40473
→ 
193.162.239.226  :  80

[ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
15:39:42  Default DROP  TCP 
93.174.93.222  :  40473
→ 
193.162.239.226  :  80

[ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
15:39:45  Default DROP  TCP 
93.174.93.222  :  40473
→ 
193.162.239.226  :  80

[ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
15:39:53  Default DROP  TCP 
93.174.93.222  :  40473
→ 
193.162.239.226  :  80

[ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
15:40:08  Default DROP  TCP 
93.174.93.222  :  40473
→ 
193.162.239.226  :  80

[ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6


This thread was automatically locked due to age.
  • 0
    My Firewall is dumping af lot of packets, but only when I'm coming from an windows based client...sitting om the same network/router with my EEE (Ubuntu) everything is OK...

    Here is what I'm seeing on live log:

    15:39:38  Default DROP  TCP 
    93.174.93.222  :  40473
    → 
    193.162.239.226  :  80

    [ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
    15:39:39  Default DROP  TCP 
    93.174.93.222  :  40473
    → 
    193.162.239.226  :  80

    [ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
    15:39:40  Default DROP  TCP 
    93.174.93.222  :  40473
    → 
    193.162.239.226  :  80

    [ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
    15:39:42  Default DROP  TCP 
    93.174.93.222  :  40473
    → 
    193.162.239.226  :  80

    [ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
    15:39:45  Default DROP  TCP 
    93.174.93.222  :  40473
    → 
    193.162.239.226  :  80

    [ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
    15:39:53  Default DROP  TCP 
    93.174.93.222  :  40473
    → 
    193.162.239.226  :  80

    [ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
    15:40:08  Default DROP  TCP 
    93.174.93.222  :  40473
    → 
    193.162.239.226  :  80

    [ACK FIN]  len=52  ttl=60  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:0c:29:1a:b9:a6
  • 0
    Hi, is the client internal or external / which IP is which?

    Barry
  • 0 in reply to BarryG
    User is coming from 93.174.93.222 to get HTTP from 193.162.239.226 (External)

    They should have - via NAT - been forwardet to 192.168.0.6 but packets are dropped

    You can try it your self: Go to the address PEblog.dk with both at windows- and a linux client!!
  • 0
    What are your DNAT and Packetfilter settings?

    Barry
  • 0 in reply to BarryG
    I dropped windows already 10 years ago [:D]

    (sorry, couldn't hold me back...)