Hello,
I recently moved from Transparent Proxy to Standard Proxy. So I have disabled the web surfing packet rules from internal to internet. Now I see a lot of entries in the packet filter log file that shows some connections to destination port 80 that should not be generated.
IE: this is a log entry from my laptop ip address:
2010:10:13-14:09:06 myfirewall ulogd[3283]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" dstmac="xx:xx:xx:xx:xx:xx" srcmac="yy:yy:yy:yy:yy:yy" srcip="192.168.1.2" dstip="74.125.107.85" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="1490" dstport="80" tcpflags="SYN"
the destination ip belongs to google. In both of my browsers (ie and ff) I use astaro as proxy. So I don't understand these blocked packets. The are a lot of these example in my logs.. also from other source ip address of my internal network, the destination port is always 80 or 443. How can it be possible?
This thread was automatically locked due to age.
