FrancoisVal Tux's lil' helper
Joined: 12 May 2005 Posts: 82 Location: Namur, Belgique
Posted: Mon May 04, 2015 8:00 pm Post subject: Incoming traffic from google blocked by iptable
Hello everybody,
I have started logging packets dropped by iptables and I see strange incoming packets from Google like these (all the IPs starting with 74.125.135):
[ 6144.304491] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=64.202.112.7 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=63912 DF PROTO=TCP SPT=80 DPT=37655 WINDOW=0 RES=0x00 RST URGP=0
[ 6144.304508] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=64.202.112.7 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=63913 DF PROTO=TCP SPT=80 DPT=37655 WINDOW=0 RES=0x00 RST URGP=0
[ 6202.643465] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6873 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
[ 6202.643511] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6874 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
[ 6202.643526] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6876 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
[ 6213.827233] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=26250 PROTO=TCP SPT=443 DPT=34934 WINDOW=0 RES=0x00 RST URGP=0
[ 6213.827274] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=26251 PROTO=TCP SPT=443 DPT=34934 WINDOW=0 RES=0x00 RST URGP=0
[ 6279.673582] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=44494 PROTO=TCP SPT=443 DPT=35205 WINDOW=0 RES=0x00 RST URGP=0
[ 6279.673620] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=44495 PROTO=TCP SPT=443 DPT=35205 WINDOW=0 RES=0x00 RST URGP=0
[ 6344.555544] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.120 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=20001 PROTO=TCP SPT=443 DPT=40114 WINDOW=0 RES=0x00 RST URGP=0
[ 6344.555583] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.120 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=20002 PROTO=TCP SPT=443 DPT=40114 WINDOW=0 RES=0x00 RST URGP=0
I don't understand how this happens. The incoming ports on my PC seem to be totally random and are not open on my router. Can somebody explain what is happening? Should I worry about it? I have the following rule to allow incoming related packets:
Code:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
I don't see any problems while surfing the internet. Should I worry about this?
Thanks in advance for your help.
_________________
François Valenduc
pietinger Moderator
Joined: 17 Oct 2006 Posts: 4148 Location: Bavaria
Posted: Mon May 04, 2015 8:46 pm
I don't think you have to worry about it. If you see this in your log, your firewall worked well.
Do you have an Internet connection that is terminated daily by your Internet provider? Do you have the drops at the same time?
If yes, your router can get a new IP address after the reconnect ... from someone who was just connected to SCN or Google or ... and the servers from Google, etc. try to answer.
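To compare the drops against reconnect times as asked above, the log can be grouped by flow. The following is an added example, not part of either post: it parses LOG-target lines in the format shown in the question and lists flows that carried only RST from port 80 or 443 to a high local port, with first and last timestamps. The function names and the 32768 threshold (the default lower bound of the Linux local port range) are assumptions.

```python
import re
from collections import defaultdict

# Abridged from the log lines posted above (MAC field omitted).
SAMPLE = """\
[ 6144.304491] IPTables-Dropped: IN=br0 OUT= SRC=64.202.112.7 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=63912 DF PROTO=TCP SPT=80 DPT=37655 WINDOW=0 RES=0x00 RST URGP=0
[ 6202.643465] IPTables-Dropped: IN=br0 OUT= SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6873 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
[ 6202.643511] IPTables-Dropped: IN=br0 OUT= SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6874 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
[ 6213.827233] IPTables-Dropped: IN=br0 OUT= SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=26250 PROTO=TCP SPT=443 DPT=34934 WINDOW=0 RES=0x00 RST URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<prefix>[^:]+):\s+(?P<body>.*)$")

def parse_line(line):
    """Parse one kernel LOG-target line into a dict, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "prefix": m["prefix"], "flags": set()}
    for tok in m["body"].split():
        if "=" in tok:                      # KEY=value, value may be empty (OUT=)
            key, _, val = tok.partition("=")
            rec[key] = val
        elif tok in TCP_FLAGS:              # bare tokens such as RST; DF is ignored
            rec["flags"].add(tok)
    return rec

def summarize(lines):
    """Group TCP drops by (SRC, SPT, DPT): packet count, flags seen, time span."""
    flows = defaultdict(lambda: {"count": 0, "flags": set(),
                                 "first": float("inf"), "last": 0.0})
    for rec in filter(None, map(parse_line, lines)):
        if rec.get("PROTO") != "TCP" or not {"SRC", "SPT", "DPT"} <= rec.keys():
            continue
        f = flows[(rec["SRC"], int(rec["SPT"]), int(rec["DPT"]))]
        f["count"] += 1
        f["flags"] |= rec["flags"]
        f["first"], f["last"] = min(f["first"], rec["ts"]), max(f["last"], rec["ts"])
    return dict(flows)

def bare_rst_from_web(flows, web_ports=(80, 443), ephemeral_min=32768):
    """Flows that carried only RST from a web port to a high local port."""
    return sorted(k for k, f in flows.items()
                  if f["flags"] == {"RST"} and k[1] in web_ports and k[2] >= ephemeral_min)

if __name__ == "__main__":
    for key in bare_rst_from_web(summarize(SAMPLE.splitlines())):
        print(key)
```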