[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Apache question


We have a lot of strange log entry in our NetScreen FireWall:
Nov 12 11:42:51 NSNAME: NetScreen device_id=NSNAME [MYISP]system-notification-00257(traffic): start_time="2003-11-12 11:42:10" duration=0 policy_id=51 service=tcp/port:20158 proto=6 src zone=Trust-XXX dst zone=Untrust action=Deny sent=0 rcvd=0 src=62.XX.YYY.ZZZ dst= src_port=80 dst_port=20158

* 62.XX.YYY.ZZZ is a server with Apache1.3.x that it only serves static pages.
* All the NICs have Public IP Address.

Alteon(load balance)
  |       |       |     |
Apache1  ...           ApacheN

Do you know why Apache has this behavior? Why Apache initiates the connections with src_port 80 and random dst_port?

Thanks in advance

Reply to: