Thread: Strange UFW behaviour. Blocks some Port 80 requests when told not to.
hi,
I have ufw installed on a webserver. I've asked it nicely to allow web traffic and SSH traffic on a non-standard port:

Code:
webserver:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
222                        ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
222                        ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)

However, when I look through the ufw logs, I see requests on port 80 being blocked:

Code:
server:> grep "DPT=80" /var/log/ufw.log | more
Apr 21 03:28:44 blog kernel: [8550050.929758] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=99.177.92.3 DST=10.10.10.5 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=4850 DF PROTO=TCP SPT=50027 DPT=80 WINDOW=4271 RES=0x00 ACK FIN URGP=0
Apr 21 03:29:03 blog kernel: [8550070.176027] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=99.177.92.3 DST=10.10.10.5 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=5033 DF PROTO=TCP SPT=50025 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr 21 05:06:45 blog kernel: [8555931.726810] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.9 DST=10.10.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=10030 DF PROTO=TCP SPT=49197 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Apr 21 05:06:45 blog kernel: [8555931.730049] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.9 DST=10.10.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=54079 DF PROTO=TCP SPT=47306 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Apr 21 05:06:53 blog kernel: [8555939.888083] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.9 DST=10.10.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=10031 DF PROTO=TCP SPT=49197 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Apr 21 05:06:53 blog kernel: [8555939.890696] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.9 DST=10.10.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=54080 DF PROTO=TCP SPT=47306 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Apr 21 05:07:09 blog kernel: [8555956.211300] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.9 DST=10.10.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=54081 DF PROTO=TCP SPT=47306 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Apr 21 05:47:39 blog kernel: [8558386.029451] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.10 DST=10.10.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=60315 DF PROTO=TCP SPT=34968 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Apr 21 05:47:40 blog kernel: [8558386.686857] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.10 DST=10.10.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=42017 DF PROTO=TCP SPT=55669 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Apr 21 05:47:40 blog kernel: [8558387.049957] [UFW BLOCK] IN=eth0 OUT= MAC=40:50:8b:02:03:05 SRC=69.10.179.10 DST=10.10.10.5 LEN=52 TOS=0

This doesn't seem to be causing problems -- the webserver can still be accessed -- but I'm curious why it's happening. Is it the FIN and RST flags on the packets?
Quote: Is it the FIN and RST flags on the packets?

Yes, it has flag bits. For TCP connections, Linux tends to use a "half-duplex" close sequence where either side of the session can initiate connection termination via a single 2-way FIN-ACK handshake (which puts the connection in the CLOSE_WAIT state), instead of the full 4-way FIN-ACK handshake. When one includes routers and such, it is not uncommon, indeed common, that one side might think the connection has been terminated while the other side thinks it is still open or not terminated. The log file is, probably, showing entries for cases where your computer thinks the TCP connection had been closed and has forgotten it, while the client is trying to close the session. In the case where you got the RST bit, it can be because the client gave up trying the FIN method and is trying to reset the connection. As an observation only, rather than an authoritative reference, it seems Apple computers tend to use FIN and FIN-ACK more, and MS Windows computers tend to use RST more.
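The reply above explains why a firewall that allows port 80 still logs blocks there: the logged segments carry ACK FIN or ACK RST and no SYN, so they are closing or resetting a flow the server has already forgotten, not new requests. When going through /var/log/ufw.log, what you want is to separate those from blocked bare SYNs, which are real connection attempts. The Python script below is an added example written for this page, not code from the thread or from the ufw project; it parses the KEY=value layout shown in the post, collects the bare flag tokens netfilter prints, and buckets each blocked TCP packet. The sample log lines (addresses, MACs, timestamps) and the label names are constructed for the example; the allowed-port set matches the thread's ufw status output.

```python
import re
from collections import Counter

# Ports the thread's "ufw status" output allows (222 for SSH, 80 and 443 for web).
ALLOWED_PORTS = {222, 80, 443}

# Constructed sample lines in the layout ufw writes to /var/log/ufw.log.
# Addresses, MACs and timestamps are made up; they are not from the thread.
SAMPLE_LOG = """\
Apr 21 03:28:44 blog kernel: [8550050.929758] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=10.10.10.5 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=4850 DF PROTO=TCP SPT=50027 DPT=80 WINDOW=4271 RES=0x00 ACK FIN URGP=0
Apr 21 03:29:03 blog kernel: [8550070.176027] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=10.10.10.5 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=5033 DF PROTO=TCP SPT=50025 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr 21 05:06:45 blog kernel: [8555931.726810] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=10.10.10.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10030 DF PROTO=TCP SPT=49197 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 21 05:06:53 blog kernel: [8555939.888083] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=10.10.10.5 LEN=28 TOS=0x00 PREC=0x00 TTL=51 ID=10031 DF PROTO=UDP SPT=49197 DPT=53 LEN=8
Apr 21 05:07:09 blog kernel: [8555956.211300] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=10.10.10.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10032 DF PROTO=TCP SPT=49198 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 21 05:07:10 blog kernel: [8555957.000000] [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=10.10.10.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10033 DF PROTO=TCP SPT=49199 DPT=222 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Bare tokens netfilter prints for TCP flags (they carry no "=" value).
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
UFW_LINE = re.compile(r"\[UFW (?P<action>[A-Z ]+?)\]\s+(?P<fields>.*)$")


def parse_ufw_line(line):
    """Return a dict of KEY=value fields plus a 'flags' set, or None if the
    line is not a ufw log entry."""
    m = UFW_LINE.search(line)
    if m is None:
        return None
    entry = {"action": m.group("action").strip(), "flags": set()}
    for token in m.group("fields").split():
        if "=" in token:
            key, _, value = token.partition("=")
            # UDP lines carry LEN twice (IP and UDP); keep the first (IP) one.
            entry.setdefault(key, value)
        elif token in TCP_FLAGS:
            entry["flags"].add(token)
        # Other bare tokens (DF, MF, CE) are IP-header markers; not needed here.
    return entry


def classify(entry, allowed_ports):
    """Label a blocked packet by what it most likely is (labels are this
    example's own naming, not ufw terminology)."""
    if entry.get("PROTO") != "TCP":
        return "non-tcp"
    flags = entry["flags"]
    dport = int(entry.get("DPT", "0"))
    if "SYN" in flags and "ACK" not in flags:
        # A bare SYN is a genuine connection attempt; one blocked on an
        # allowed port means the live rule set is not what "ufw status" suggests.
        return ("new-connection-to-allowed-port" if dport in allowed_ports
                else "new-connection-to-closed-port")
    if "RST" in flags:
        return "late-rst"          # peer resetting a flow we no longer track
    if "FIN" in flags and "ACK" in flags:
        return "late-fin-ack"      # peer closing a flow we no longer track
    if "ACK" in flags:
        return "stray-ack"
    return "other-tcp"


def summarize(log_text, allowed_ports=ALLOWED_PORTS):
    """Count blocked packets per label across a log; non-BLOCK entries are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_ufw_line(line)
        if entry is None or entry["action"] != "BLOCK":
            continue
        counts[classify(entry, allowed_ports)] += 1
    return counts


if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:5d}  {label}")
```

Run it to get a per-label count. Entries in the late-fin-ack and late-rst buckets on an allowed port are the benign case the reply describes: on a stock ufw install they are dropped by the rule in /etc/ufw/before.rules that discards packets the kernel's connection tracker marks INVALID, which is what a FIN or RST for a flow with no remaining state entry is. A non-zero new-connection-to-allowed-port count is the one worth chasing, because a bare SYN being blocked on a port ufw status lists as ALLOW means the effective rules differ from what you expect.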
Conclusion: fine.
Forum: The Ubuntu Forum Community, Ubuntu Official Flavours Support, General Help [ubuntu]