From: Jong Hian Zin <mail.zin@gmail.com>
To: /dev/rob0 <rob0@gmx.co.uk>
Cc: netfilter@lists.netfilter.org
Subject: Re: Firewall blocking Java applet?
Date: Tue, 28 Jun 2005 10:26:08 +0800 [thread overview]
Message-ID: <cb82de5905062719264cd8b0a9@mail.gmail.com> (raw)
In-Reply-To: <cb82de5905062219311bcdfba3@mail.gmail.com>
I have managed to log the traffic right after I clicked on the Start button:
root@OpenWrt:~# iptables -I FORWARD 1 -s 0/0 -d 0/0 -j LOG
root@OpenWrt:~# logread -f
Jun 27 22:08:49 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=3703
PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 27 22:08:51 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=3705
PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 27 22:08:52 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=3707
PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=3709 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64240 RES=0x00 SYN URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=10970 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65535 RES=0x00 ACK SYN URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3710 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64240 RES=0x00 ACK URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=94 TOS=0x00 PREC=0x00 TTL=122 ID=10973 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=51 TOS=0x00 PREC=0x00 TTL=127 ID=3711 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64186 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=73 TOS=0x00 PREC=0x00 TTL=122 ID=10977 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65524 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=54 TOS=0x00 PREC=0x00 TTL=127 ID=3714 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64153 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=68 TOS=0x00 PREC=0x00 TTL=122 ID=10985 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65510 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3716 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64125 RES=0x00 ACK URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=66 TOS=0x00 PREC=0x00 TTL=122 ID=11013 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65510 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=3717 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64099 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=60 TOS=0x00 PREC=0x00 TTL=122 ID=11022 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65502 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=46 TOS=0x00 PREC=0x00 TTL=127 ID=3718 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64079 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=92 TOS=0x00 PREC=0x00 TTL=122 ID=11029 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65496 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=3719
PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 27 22:08:54 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
210.187.132.33 <http://210.187.132.33> DST=192.168.1.2
<http://192.168.1.2>LEN=56 TOS=0x00 PREC=0x00 TTL=252 ID=0 PROTO=ICMP
TYPE=3 CODE=13 [SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=78 TOS=0x00 PREC=0x00 TTL=125 ID=3719
PROTO=UDP SPT=137 DPT=137 LEN=58 ]
Jun 27 22:08:54 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3720 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64027 RES=0x00 ACK URGP=0
Jun 27 22:08:56 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=3723
PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 27 22:08:57 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=3725
PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 27 22:08:59 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=3727 DF
PROTO=TCP SPT=4848 DPT=3265
WINDOW=64240 RES=0x00 SYN URGP=0
Jun 27 22:08:59 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=11818 DF
PROTO=TCP SPT=3265 DPT=4848
WINDOW=65535 RES=0x00 ACK SYN URGP=0
Jun 27 22:08:59 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3728 DF
PROTO=TCP SPT=4848 DPT=3265
WINDOW=64240 RES=0x00 ACK URGP=0
Jun 27 22:08:59 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=3729 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=64027 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:59 (none) kern.warn kernel: IN=ppp0 OUT=br0 PHYSOUT=vlan0 SRC=
219.93.175.234 <http://219.93.175.234> DST=192.168.1.2
<http://192.168.1.2>LEN=94 TOS=0x00 PREC=0x00 TTL=122 ID=11828 DF
PROTO=TCP SPT=21 DPT=4847
WINDOW=65484 RES=0x00 ACK PSH URGP=0
Jun 27 22:08:59 (none) kern.warn kernel: IN=br0 OUT=ppp0 PHYSIN=vlan0 SRC=
192.168.1.2 <http://192.168.1.2> DST=219.93.175.234
<http://219.93.175.234>LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3731 DF
PROTO=TCP SPT=4847 DPT=21
WINDOW=63973 RES=0x00 ACK URGP=0
Does these tell anything?
On 6/23/05, Jong Hian Zin <mail.zin@gmail.com> wrote:
>
> On 6/23/05, /dev/rob0 <rob0@gmx.co.uk> wrote:
> >
> > On Wednesday 22 June 2005 20:36, Jong Hian Zin wrote:
> > > http://202.188.95.52:8080/speedometer/
> > >
> > > The bandwidth test Java applet can be loaded, but unable to start the
> >
> > Does it work if not going through the OpenWRT?
>
>
> Yes, it works if I connect the PC directly to the ADSL modem, using PPPoE.
>
> Not from what you posted. iptables-save(8) would be easier to follow.
> > But you can probably troubleshoot this on your own by putting in -j LOG
> > rules for -s/-d 202.188.95.52 <http://202.188.95.52> traffic. Try it and
> > see what you get. Is
> > the openwrt capable of normal logging? Or maybe to a remote syslog
> > server?
> >
>
> I will try iptables-save and logging.
>
> --
> Jong Hian Zin
--
Jong Hian Zin
prev parent reply other threads:[~2005-06-28 2:26 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-23 1:36 Firewall blocking Java applet? Jong Hian Zin
2005-06-23 2:02 ` /dev/rob0
2005-06-23 2:31 ` Jong Hian Zin
2005-06-28 2:26 ` Jong Hian Zin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cb82de5905062719264cd8b0a9@mail.gmail.com \
--to=mail.zin@gmail.com \
--cc=netfilter@lists.netfilter.org \
--cc=rob0@gmx.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.