Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Incoming traffic from google blocked by iptable
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
FrancoisVal
n00b
n00b


Joined: 12 May 2005
Posts: 71
Location: Namur, Belgique

PostPosted: Mon May 04, 2015 8:00 pm    Post subject: Incoming traffic from google blocked by iptable Reply with quote

Hello everybody,

I have started logging packets dropped by IPtables and I see strange incoming packets from google like these ones (all the IP starting with 74.125.135):


    [ 6144.304491] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=64.202.112.7 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=63912 DF PROTO=TCP SPT=80 DPT=37655 WINDOW=0 RES=0x00 RST URGP=0
    [ 6144.304508] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=64.202.112.7 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=63913 DF PROTO=TCP SPT=80 DPT=37655 WINDOW=0 RES=0x00 RST URGP=0
    [ 6202.643465] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6873 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
    [ 6202.643511] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6874 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
    [ 6202.643526] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.157 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=6876 PROTO=TCP SPT=443 DPT=43709 WINDOW=0 RES=0x00 RST URGP=0
    [ 6213.827233] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=26250 PROTO=TCP SPT=443 DPT=34934 WINDOW=0 RES=0x00 RST URGP=0
    [ 6213.827274] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=26251 PROTO=TCP SPT=443 DPT=34934 WINDOW=0 RES=0x00 RST URGP=0
    [ 6279.673582] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=44494 PROTO=TCP SPT=443 DPT=35205 WINDOW=0 RES=0x00 RST URGP=0
    [ 6279.673620] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.132 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=44495 PROTO=TCP SPT=443 DPT=35205 WINDOW=0 RES=0x00 RST URGP=0
    [ 6344.555544] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.120 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=20001 PROTO=TCP SPT=443 DPT=40114 WINDOW=0 RES=0x00 RST URGP=0
    [ 6344.555583] IPTables-Dropped: IN=br0 OUT= MAC=08:9e:01:d2:52:bd:1c:af:f7:13:c8:90:08:00 SRC=74.125.136.120 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=20002 PROTO=TCP SPT=443 DPT=40114 WINDOW=0 RES=0x00 RST URGP=0


I don't understand how this happens. The incoming port on my PC seems to be totally random and are not open on my router. Can somebody explains what is happening ? Should I worry about it ? I have the followinng rule to allow incoming related packets:
Code:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT


I don't see any problems while surfing on internet. Should I worry about this ?

Thanks in advance for your help.
_________________
François Valenduc
Back to top
View user's profile Send private message
pietinger
n00b
n00b


Joined: 17 Oct 2006
Posts: 46

PostPosted: Mon May 04, 2015 8:46 pm    Post subject: Reply with quote

I dont think you have to worry about. If you see this in your log your firewall worked well.

Do you have an Internet-Connection who will be daily terminated from your Internet-Provider ? Do you have the droppings at the same time ?

If yes, your Router can get a new IP-Adress after the reconnect ... from someone who was just connected to SCN or Google or ... and the servers from google, etc. try to answer.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum