
Default drop although packet filter allowance

Hi everybody,

Besides ASG, I'm using Privoxy as a parent proxy (to filter ads).

The Privoxy box (192.168.198.6) is hammering Astaro (192.168.198.1) with some kind of requests:

17:48:25 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38187
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:25 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38187
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:26 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38187
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:27 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38187
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:29 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38187
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38218
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38217
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38215
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38218
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38217
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38215
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38218
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:30 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38217
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:31 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38215
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:31 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38218
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:31 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38217
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:32 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38215
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:33 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38187
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:33 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38218
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:33 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38217
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:34 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38215
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:37 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38218
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:37 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38217
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:38 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38215
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:39 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38187
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:43 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38218
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d

17:48:43 Default DROP TCP 192.168.198.6 : 8118
→ 192.168.198.1 : 38217
[RST] len=40 ttl=64 tos=0x00 srcmac=00:0c:29:5f:75:ff dstmac=00:0c:29:e4:12:5d


Why is Astaro dropping these packets? I have a rule to allow all traffic between internal networks.
And just to be sure I even set up a rule at position 1 to explicitly allow the Privoxy box to go anywhere on any port.

Second: Does anyone know of a way how I can find out which application is sending these things? Shutting down the privoxy daemon doesn't help (although it's the process running on port 8118).


This thread was automatically locked due to age.
  • Ah, got it. There was an exception rule (for those network OR that site). I misinterpreted that so that it would only apply for a certain page.

    After changing that it's fine.

    So, how would you propose to kick ads with Astaro? I don't see any categories there...
  • Can't you use the category "Web Ads"?
  • I wonder where my head is...

    Sorry, didn't think so far as to create a new category including that one. Till now I only knew the default ones...

    Thanks for your help, it's working now. :-)