[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Logs messages, I'm confused ??
I bumped into the same(similar) problem and when I discovered the problem - I went home for a beer. I had deleted or added a couple of rules and didn't install it. The next day while looking at the logs, I found that they weren't matching up. I manually looked throught the $FWDIR/conf directory and realized I hadn't applied my changes, so the rulebase rule #'s were off. Arrrggg. Would this be it? Robert (it was late on a Friday afternoon BTW) - - Robert P. MacDonald, Network Engineer e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> Simon Guo <[email protected]> 9/29/00 3:35:53 PM >>> > >I am more confused. > >I have a rule 7 allowing a service with a rang of ports. And the logviewer >shows the service ports are droped by rule 15 which is a "Accept" rule of >other src/des/service. > >Can anyone explain/speculate any possible cause of this? The service does be >affected and I want the service up. > >Thanks > >Simon > >-----Original Message----- >From: Sukhpreet Singh [mailto:[email protected]] >Sent: Friday, September 29, 2000 2:39 PM >To: 'John Gesualdi'; fw >Subject: RE: [FW1] Logs messages, I'm confused ?? > >They look like "drops" to me instead of "rejects". And seems like they're >being dropped because of your rule # 59. > >-----Original Message----- >From: John Gesualdi [mailto:[email protected]] >Sent: Friday, September 29, 2000 2:02 PM >To: fw >Subject: [FW1] Logs messages, I'm confused ?? > >I'm running FW1 4.0 SP5 on a Nokia. I have a Web server in my DMZ, I'm >noticing >allot of rejects in my logs for this web server. They look like these and >I'm >getting a whole bunch. The weird thing is that my site is up and I have not >gotten any complaints from users trying to access it. > >21:59:59 drop frt >eth-s1p1c0 proto tcp src d181820ad.rochester.rr.com >dst >www service http s_port 2439 len 48 rule 59 > >21:59:59 drop frt >eth-s1p1c0 proto tcp src cache-dg09.proxy.aol.com >dst >www service http s_port 50655 len 48 rule 59 > >The FW1 log viewer shows these coming from "daemon" and rule 0. Can someone >try >to explain this. I'm concerned that I may be losing hits. Thanks very much. >-- >John Gesualdi >The Providence Journal Company >Phone>Pager>CCDP,CCNP ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|