Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] What is the meaning of these firewall log entries?
On 2016-02-13 05:56, Andrei Borzenkov wrote:

No. He sees this message because other system blocks UDP

[SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 TTL=64
ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]

I'm looking at
<https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>


The message is:

SFW2-INext-DROP-DEFLT IN=eth0
OUT= MAC=00:21:85:16:2d:0b:00:03:0d:05:17:fc:08:00
SRC=192.168.1.15 DST=192.168.1.14
LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=16013 PROTO=ICMP TYPE=3 CODE=3

[SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00
PREC=0x00 TTL=64 ID=3128
PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]


Where:

PROTO=ICMP
TYPE=3 --> Destination Unreachable
CODE=3 --> Destination port unreachable

Ie, 192.168.1.15 is telling 192.168.1.14 that the "destination port is
unreachable". It includes the data of what communication is it that has
problems, which goes from 192.168.1.14:6666 to 192.168.1.15:6666 (UDP).



But udp,6666 is indeed open, so it does not make sense. To me, at least. :-}


(The "Ext" firewall apparently blocks ICMP, but not ICMP type 8 (Echo
Request))

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)

< Previous Next >