[SOLVED] Re: incoming interface confusion question

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Shaun T. Erickson" <ste@smxy.org>
To: netfilter@lists.netfilter.org
Subject: [SOLVED] Re: incoming interface confusion question
Date: Mon, 21 Jun 2004 20:13:30 -0400	[thread overview]
Message-ID: <40D779AA.4040905@smxy.org> (raw)
In-Reply-To: <40D76A3F.90503@smxy.org>

Thanks for your comments and questions, everyone - they got me onto a 
different train of thought which quickly led me to a resolution - I'm in 
your debt. :)

The traffic was indeed response packets to connections made from systems 
on my lan. It seems that I put in a rule on my netfilter box, Friday, 
that allowed out some traffic that had been bottled up, just waiting to 
get to the internet. This traffic turned out to be windows servers 
looking for updates from microsoft. The firewall did let the return 
packets back, but logged them as if it hadn't. The log rule was supposed 
to log anything that was about to hit the default chain policy of drop, 
but the rule I added Friday got added after the logging rule, instead of 
before it. So, it was logged, then accepted.

Mystery solved.

Now, if I were a networking guy, instead of a sysadmin, or at least one 
with more networking knowledge, I'd've figured this out this morning, 
and saved myself a day's wild goose chase, and the additional gray 
hairs. Sigh.

Again, thanks.

	-ste

next prev parent reply	other threads:[~2004-06-22  0:13 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-06-21 17:45 incoming interface confusion question Shaun T. Erickson
2004-06-21 19:28 ` Shaun T. Erickson
2004-06-21 20:18   ` John A. Sullivan III
2004-06-21 21:13     ` incoming interface confusion question [LONG] Shaun T. Erickson
2004-06-21 22:28       ` incoming interface confusion question Antony Stone
2004-06-21 23:07         ` Shaun T. Erickson
2004-06-22  0:13           ` Shaun T. Erickson [this message]
2004-06-21 22:33       ` incoming interface confusion question [LONG] John A. Sullivan III
2004-06-22  6:37   ` incoming interface confusion question Jozsef Kadlecsik
2004-06-21 19:36 ` Cedric Blancher
2004-06-21 20:34   ` Ranjeet Shetye

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=40D779AA.4040905@smxy.org \
    --to=ste@smxy.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.