Re: firewall log message question

To: debian-user@lists.debian.org
Subject: Re: firewall log message question
From: Marc Haber <debian-user.lists.debian.org@marc-haber.de>
Date: Sat, 02 Jun 2001 14:24:36 +0200
Message-id: <[🔎] E156ASK-0003ZC-00@torres.ka0.zugschlus.de>
In-reply-to: <20010529193747.B32101@serensoft.com>
References: <20010529193747.B32101@serensoft.com>

On Tue, 29 May 2001 19:37:47 -0500, will trillich <will@serensoft.com>
wrote:
>	May 23 12:51:01 server kernel: Packet log: input DENY eth1 PROTO=1 192.168.1.62:3 208.33.90.85:13 L=56 S=0x00 I=30114 F=0x0000 T=248 (#5)
>	May 23 12:51:05 server kernel: Packet log: input DENY eth1 PROTO=1 192.168.1.62:3 208.33.90.85:13 L=56 S=0x00 I=30125 F=0x0000 T=248 (#5)
>	May 23 12:51:11 server kernel: Packet log: input DENY eth1 PROTO=1 192.168.1.62:3 208.33.90.85:13 L=56 S=0x00 I=30140 F=0x0000 T=248 (#5)
>	May 23 12:51:23 server kernel: Packet log: input DENY eth1 PROTO=1 192.168.1.62:3 208.33.90.85:13 L=56 S=0x00 I=30167 F=0x0000 T=248 (#5)

Protocol 1 is ICMP, and ICMP does not have ports. The firewall code
uses the place that it usually uses to print ports for IMCP type/code,
so what we face here is an ICMP packet of type 3 code 13.

ICMP 3/13 says "communication administratively prohibited" which means
that an access that you tried has been denied by a firewall on the
remote side, and you should probably let your local machine know about
that to avoid running into timeouts.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to:

Prev by Date: Re: Port Sentry
Next by Date: Re: Currency of packages
Previous by thread: problems to shutdown /w Kernel 2.4.3 and X 4.0.3
Next by thread: Re: which gnutella-client to use
Index(es):
- Date
- Thread