On 09/27/2010 05:40 PM, Carlos E. R. wrote:
On Monday, 2010-09-27 at 09:57 -0400, Anton Aylward wrote:
Carlos E. R. said the following on 09/27/2010 09:23 AM:
What kind of error could that be? Is the firewal blocking outgoing packets, or simply reporting some kind of error?
Would it be possible to track the application responsible? I think it is Thunderbird for the 143 port (213.4.149.65). The other, to port 80, no idea.
My guess is this:
Thunderbird has a message that is that evil thing HTML Mail and has an embedded image which is is trying to retrieve.
I doubt that I have hml mails in that isp, at the moment, and the errors are on outgoing imap connection from my machine, at different times than the errors from port 80. And I don't have any filtering in thunderbird - and it doesn't donwload external images.
Does "netstat -p" show anything?
It does.
Telcontar:~ # netstat -p | grep 194.224.66.51 tcp 1 0 Telcontar.valinor:37646 194.224.66.51:www-http CLOSE_WAIT 10773/gweather-appl
See? Unrelated.
At this moment, the log shows a bunch of errors on that IP (50 or more), outgoing port 80, from 15:42:50 to 17:14:05, No imap errors, and no keyboard activity, I was out (thunderbird was also running).
Sep 27 17:14:05 Telcontar kernel: [156512.022028] SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.1.14 DST=194.224.66.51 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=59635 DF PROTO=TCP SPT=33080 DPT=80 WINDOW=501 RES=0x00 ACK FIN URGP=0 OPT (0101080A094F9B36017FFCBB)
comes from the code finish_chains function in SuSEfirewall2 $iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED $LDAC $iptables -A OUTPUT ${LOG}"-OUT-ERROR " -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org