WEIRD TCP requests in Leopard Firewall Log
I decided to double check my security today and enabled the Leopard firewall to block all connections and I enabled stealth mode. I then took a look at the log, and I am seeing a lot of Stealth Mode connection attempt to TCP MY.IP:PORT from XX.XX.XXX.XXX. I traced one of the IPs and it's coming from ANTIGUA AND BARBUDA (according to http://remote.12dt.com/lookup.php). Should I be worried?
Edit: Oh yeah, I also use NAT to forward this port in my Time Machine. I'm thinking it has more to do with it being forwarded. I also checked some of the other IPs and many are from the US as well, it was luck (or unluck) that the first one I checked was from a foreign country.
It has to do with the Transmission.app library. It uses the system to connect.
Similar Messages
-
%ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510
Hi Friends,
I'm trying to build a client-to-site VPN on a CISCO ASA 5510 8.4(4) and getting the error below while connecting with the Cisco VPN client software. Also, I'm getting the log below in the ASA. Please help me to resolve this.
Error in CISCO VPN Client Software:
Secure VPN Connection Terminated locally by the client.
Reason : 414 : Failed to establish a TCP connection.
Error in CISCO ASA 5510
%ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
ASA Configuration:
XYZ# sh run
: Saved
ASA Version 8.4(4)
hostname XYZ
domain-name XYZ
enable password 3uLkVc9JwRA1/OXb level 3 encrypted
enable password R/x90UjisGVJVlh2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif outside_rim
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet0/1
duplex full
nameif XYZ_DMZ
security-level 50
ip address 172.1.1.1 255.255.255.248
interface Ethernet0/2
speed 100
duplex full
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.252
interface Ethernet0/3
speed 100
duplex full
nameif inside
security-level 100
ip address 3.3.3.3 255.255.255.224
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa844-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
domain-name XYZ
object network obj-172.17.10.3
host 172.17.10.3
object network obj-10.1.134.0
subnet 10.1.134.0 255.255.255.0
object network obj-208.75.237.0
subnet 208.75.237.0 255.255.255.0
object network obj-10.7.0.0
subnet 10.7.0.0 255.255.0.0
object network obj-172.17.2.0
subnet 172.17.2.0 255.255.255.0
object network obj-172.17.3.0
subnet 172.17.3.0 255.255.255.0
object network obj-172.19.2.0
subnet 172.19.2.0 255.255.255.0
object network obj-172.19.3.0
subnet 172.19.3.0 255.255.255.0
object network obj-172.19.7.0
subnet 172.19.7.0 255.255.255.0
object network obj-10.1.0.0
subnet 10.1.0.0 255.255.0.0
object network obj-10.2.0.0
subnet 10.2.0.0 255.255.0.0
object network obj-10.3.0.0
subnet 10.3.0.0 255.255.0.0
object network obj-10.4.0.0
subnet 10.4.0.0 255.255.0.0
object network obj-10.6.0.0
subnet 10.6.0.0 255.255.0.0
object network obj-10.9.0.0
subnet 10.9.0.0 255.255.0.0
object network obj-10.11.0.0
subnet 10.11.0.0 255.255.0.0
object network obj-10.12.0.0
subnet 10.12.0.0 255.255.0.0
object network obj-172.19.1.0
subnet 172.19.1.0 255.255.255.0
object network obj-172.21.2.0
subnet 172.21.2.0 255.255.255.0
object network obj-172.16.2.0
subnet 172.16.2.0 255.255.255.0
object network obj-10.19.130.201
host 10.19.130.201
object network obj-172.30.2.0
subnet 172.30.2.0 255.255.255.0
object network obj-172.30.3.0
subnet 172.30.3.0 255.255.255.0
object network obj-172.30.7.0
subnet 172.30.7.0 255.255.255.0
object network obj-10.10.1.0
subnet 10.10.1.0 255.255.255.0
object network obj-10.19.130.0
subnet 10.19.130.0 255.255.255.0
object network obj-XXXXXXXX
host XXXXXXXX
object network obj-145.248.194.0
subnet 145.248.194.0 255.255.255.0
object network obj-10.1.134.100
host 10.1.134.100
object network obj-10.9.124.100
host 10.9.124.100
object network obj-10.1.134.101
host 10.1.134.101
object network obj-10.9.124.101
host 10.9.124.101
object network obj-10.1.134.102
host 10.1.134.102
object network obj-10.9.124.102
host 10.9.124.102
object network obj-115.111.99.133
host 115.111.99.133
object network obj-10.8.108.0
subnet 10.8.108.0 255.255.255.0
object network obj-115.111.99.129
host 115.111.99.129
object network obj-195.254.159.133
host 195.254.159.133
object network obj-195.254.158.136
host 195.254.158.136
object network obj-209.164.192.0
subnet 209.164.192.0 255.255.224.0
object network obj-209.164.208.19
host 209.164.208.19
object network obj-209.164.192.126
host 209.164.192.126
object network obj-10.8.100.128
subnet 10.8.100.128 255.255.255.128
object network obj-115.111.99.130
host 115.111.99.130
object network obj-10.10.0.0
subnet 10.10.0.0 255.255.0.0
object network obj-115.111.99.132
host 115.111.99.132
object network obj-10.10.1.45
host 10.10.1.45
object network obj-10.99.132.0
subnet 10.99.132.0 255.255.255.0
object-group network Serversubnet
network-object 10.10.1.0 255.255.255.0
network-object 10.10.5.0 255.255.255.192
object-group network XYZ_destinations
network-object 10.1.0.0 255.255.0.0
network-object 10.2.0.0 255.255.0.0
network-object 10.3.0.0 255.255.0.0
network-object 10.4.0.0 255.255.0.0
network-object 10.6.0.0 255.255.0.0
network-object 10.7.0.0 255.255.0.0
network-object 10.11.0.0 255.255.0.0
network-object 10.12.0.0 255.255.0.0
network-object 172.19.1.0 255.255.255.0
network-object 172.19.2.0 255.255.255.0
network-object 172.19.3.0 255.255.255.0
network-object 172.19.7.0 255.255.255.0
network-object 172.17.2.0 255.255.255.0
network-object 172.17.3.0 255.255.255.0
network-object 172.16.2.0 255.255.255.0
network-object 172.16.3.0 255.255.255.0
network-object host 10.50.2.206
object-group network XYZ_us_admin
network-object 10.3.1.245 255.255.255.255
network-object 10.5.33.7 255.255.255.255
network-object 10.211.5.7 255.255.255.255
network-object 10.3.33.7 255.255.255.255
network-object 10.211.3.7 255.255.255.255
object-group network XYZ_blr_networkdevices
network-object 10.200.10.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list coextended permit ip host 2.2.2.2 host XXXXXXXX
access-list coextended permit ip host XXXXXXXX host 2.2.2.2
access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
access-list acl-outside extended permit ip any host 172.17.10.3
access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
access-list acl-outside extended permit tcp any any eq 10000
access-list acl-outside extended deny ip any any log
pager lines 10
logging enable
logging buffered debugging
mtu outside_rim 1500
mtu XYZ_DMZ 1500
mtu outside 1500
mtu inside 1500
ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
nat (inside,outside) source dynamic obj-10.8.108.0 interface
nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
object network obj-172.17.10.3
nat (XYZ_DMZ,outside) static 115.111.99.134
access-group acl-outside in interface outside
route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
crypto dynamic-map dyn1 1 set reverse-route
crypto map vpn 1 match address XYZ
crypto map vpn 1 set peer XYZ Peer IP
crypto map vpn 1 set ikev1 transform-set vpn1
crypto map vpn 1 set security-association lifetime seconds 3600
crypto map vpn 1 set security-association lifetime kilobytes 4608000
crypto map vpn 2 match address NE
crypto map vpn 2 set peer NE_Peer IP
crypto map vpn 2 set ikev1 transform-set vpn2
crypto map vpn 2 set security-association lifetime seconds 3600
crypto map vpn 2 set security-association lifetime kilobytes 4608000
crypto map vpn 4 match address ML_VPN
crypto map vpn 4 set pfs
crypto map vpn 4 set peer ML_Peer IP
crypto map vpn 4 set ikev1 transform-set vpn4
crypto map vpn 4 set security-association lifetime seconds 3600
crypto map vpn 4 set security-association lifetime kilobytes 4608000
crypto map vpn 5 match address XYZ_global
crypto map vpn 5 set peer XYZ_globa_Peer IP
crypto map vpn 5 set ikev1 transform-set vpn5
crypto map vpn 5 set security-association lifetime seconds 3600
crypto map vpn 5 set security-association lifetime kilobytes 4608000
crypto map vpn 6 match address Da_VPN
crypto map vpn 6 set peer Da_VPN_Peer IP
crypto map vpn 6 set ikev1 transform-set vpn6
crypto map vpn 6 set security-association lifetime seconds 3600
crypto map vpn 6 set security-association lifetime kilobytes 4608000
crypto map vpn 7 match address Da_Pd_VPN
crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
crypto map vpn 7 set ikev1 transform-set vpn6
crypto map vpn 7 set security-association lifetime seconds 3600
crypto map vpn 7 set security-association lifetime kilobytes 4608000
crypto map vpn interface outside
crypto map vpn_reliance 1 match address XYZ_rim
crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
crypto map vpn_reliance 1 set security-association lifetime seconds 3600
crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
crypto map vpn_reliance interface outside_rim
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto isakmp identity address
no crypto isakmp nat-traversal
crypto ikev1 enable outside_rim
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 2
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 4
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28000
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.8.100.0 255.255.255.224 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy XYZ_c2s_vpn internal
username testadmin password oFJjANE3QKoA206w encrypted
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XYZ_c2s_vpn type remote-access
tunnel-group XYZ_c2s_vpn general-attributes
address-pool XYZ_c2s_vpn_pool
tunnel-group XYZ_c2s_vpn ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect ip-options
service-policy global_policy global
privilege show level 3 mode exec command running-config
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command crypto
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
: end
XYZ#
Thanks Javier.
But I have revised the VPN configuration. Below are the latest configs. With these latest configs, I'm getting the username & password screen while connecting with the Cisco VPN client software. Once we enter the login credentials, it shows "security communication channel" and then goes to the "not connected" state. Can you help me fix this?
access-list ACL-RA-SPLIT standard permit host 10.10.1.3
access-list ACL-RA-SPLIT standard permit host 10.10.1.13
access-list ACL-RA-SPLIT standard permit host 10.91.130.201
access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key sekretk3y
username ra-user1 password passw0rd1 priv 1
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key *********
username ******* password ******** priv 1
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto map vpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
group 1
lifetime 3600
-
We set up the Data Management Gateway and created a new data source (OData to SQL via SQL user)
Did a connection test and it was successful!
Tried the URL (maybe it needs more):
https://ourdomain.hybridproxy.powerbi.com/ODataService/v1.0/odatatest
That resolves to some :8051 port address and then spits out this message:
The server encountered an error processing the request. See server logs for more details.
I checked and the data management gateway is running.
Does that 8051 port need to be opened on our firewall for this server? How can I confirm that is the issue? I see no event on the server indicating this is the issue.
I am seeing this event:
Login failed for user 'NT AUTHORITY\SYSTEM'. Reason: Failed to open the explicitly specified database 'PowerBiTest'. [CLIENT: IP of the Server]
O365,
Is this still an issue?
Thanks!
Ed Price, Azure & Power BI Customer Program Manager
-
How to read firewall log files
2 duration 0:03:04
<166>:%ASA-session-6-302014: Teardown TCP connection 2756946 for YOUB:184.31.212.174/80 to inside:10.10.10.1009/49945 duration 0:00:12 bytes 0 TCP FINs
<166>:%ASA-session-6-302014: Teardown TCP connection 2756947 for YOUB:184.31.212.174/80 to inside:10.10.10.1009/49946 duration 0:00:12 bytes 0 TCP FINs
<167>:%ASA-session-7-609002: Teardown local-host YOUB:184.31.212.174 duration 0:00:12
<167>:%ASA-session-7-609001: Built local-host inside:10.10.10.10
<166>:%ASA-session-6-302013: Built outbound TCP connection 2756977 for inside:10.10.10.10/21 (10.10.10.10/21) to identity:10.10.10.10/50476 (10.10.10.10/50476)
<163>:%ASA-sys-3-414001: Failed to save logging buffer to FTP server 10.10.10.10 using filename LOG-2014-02-13-190303.TXT on interface inside: [Device open error]
<166>:%ASA-session-6-302014: Teardown TCP connection 2756943 for YOUB:46.51.219.164/80 to inside:10.10.10.1009/49943 duration 0:00:12 bytes 0 TCP FINs
<166>:%ASA-session-6-302014: Teardown TCP connection 2756944 for YOUB:46.51.219.164/80 to inside:10.10.10.1009/49944 duration 0:00:12 bytes 0 TCP FINs
<166>:%ASA-session-6-302014: Teardown TCP connection 2756949 for YOUB:174.129.247.121/80 to inside:10.10.10.1009/49947 duration 0:00:12 bytes 0 TCP FINs
<166>:%ASA-session-6-302014: Teardown TCP connection 2756179 for YOUB:50.97.236.98/80 to inside:10.10.10.1009/49692 duration 0:02:23 bytes 8416 TCP FINs
<167>:%ASA-session-7-609002: Teardown local-host YOUB:50.97.236.98 duration 0:02:23
<166>:%ASA-session-6-302014: Teardown TCP connection 2756950 for YOUB:174.129.247.121/80 to inside:10.10.10.1009/49948 duration 0:00:12 bytes 0 TCP FINs
<161>:%ASA-session-1-106021: Deny UDP reverse path check from Testpdf to 10.10.10.10 on interface YOUB
<167>:%ASA-session-7-710005: UDP request discarded from Testpdf/137 to inside:10.10.10.10/137
<161>:%ASA-session-1-106021: Deny UDP reverse path check from Testpdf to 10.10.10.10 on interface YOUB
<167>:%ASA-session-7-710005: UDP request discarded from Testpdf/138 to inside:10.10.10.10/138
<166>:%ASA-session-6-302014: Teardown TCP connection 2756977 for inside:10.10.10.10/21 to identity:10.10.10.10/50476 duration 0:00:00 bytes 0 TCP Reset-O
<167>:%ASA-session-7-609002: Teardown local-host inside:10.10.10.10 duration 0:00:00
<166>:%ASA-session-6-302014: Teardown TCP connection 2754536 for YOUB:74.125.236.65/443 to inside:10.10.10.1046/49751 duration 0:10:05 bytes 187079 TCP FINs
<166>:%ASA-session-6-302013: Built inbound TCP connection 2756978 for inside:FinalPdf/3893 (FinalPdf/3893) to identity:10.10.10.10/443 (10.10.10.10/443)
<166>:%ASA-ssl-6-725001: Starting SSL handshake with client inside:FinalPdf/3893 for TLSv1 session.
<166>:%ASA-ssl-6-725003: SSL client inside:FinalPdf/3893 request to resume previous session.
<166>:%ASA-ssl-6-725002: Device completed SSL handshake with client inside:FinalPdf/3893
<165>:%ASA-config-5-111007: Begin configuration: FinalPdf reading from http [POST]
<165>:%ASA-config-5-111008: User 'cisco' executed the 'logging ftp-server 10.10.10.10 firwall/ vml vml' command.
<166>:%ASA-session-6-302014: Teardown TCP connection 2756978 for inside:FinalPdf/3893 to identity:10.10.10.10/443 duration 0:00:00 bytes 255 TCP Reset-O
<166>:%ASA-session-6-106015: Deny TCP (no connection) from FinalPdf/3893 to 10.10.10.10/443 flags FIN ACK on interface inside
<167>:%ASA-session-7-710005: TCP request discarded from FinalPdf/3893 to inside:10.10.10.10/443
<166>:%ASA-ssl-6-725007: SSL session with client inside:FinalPdf/3893 terminated.
<166>:%ASA-session-6-305011: Built dynamic TCP translation from inside:10.10.10.1010/50758 to YOUB:10.10.10.10/38671
<166>:%ASA-session-6-302013: Built outbound TCP connection 2756979 for YOUB:65.182.162.190/80 (65.182.162.190/80) to inside:10.10.10.1010/50758 (10.10.10.10/38671)
<166>:%ASA-session-6-305012: Teardown dynamic TCP translation from inside:192.168.2.37/52012 to YOUB:10.10.10.10/52872 duration 0:02:00
<166>:%ASA-session-6-305011: Built dynamic TCP translation from inside:10.10.10.1010/50759 to YOUB:10.10.10.10/49081
Thanks lcfc,
While I did try googling the subjects, I didn't find those articles, so thanks.
I seem to be finding a lot of information, just not the right information : )
I'm still unsure about the way the .local subnet works, or if IRC introduces new vulnerabilities...although I'm not running any scripts of any kind. For instance, if I'm connected to an IRC server, will that "MyComputer.local" server be vulnerable?
This may seem trivial, but I'm just not sure how it works.
Power Mac G5/PPC Mac OS X (10.3.9)
-
Re: How to interpret firewall log?
I am presently employing advanced firewall settings on my iMac G5 running Tiger 10.4.7, i.e., block udp traffic, enable firewall logging, and enable stealth mode. When I opened the firewall log for the first time today, I realized I didn't know what I was looking at. Can someone help me interpret what's going on? I guess I'm wondering if stealth mode is working properly?
Here's a sampling of what was happening several days ago:
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52668 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52671 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52678 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52679 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52681 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52688 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52690 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52691 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52693 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52692 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52694 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52695 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52699 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52700 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52698 from 66.230.172.18:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52696 from 66.230.172.18:80
Yes it is working properly.
These are often "tail-end charlies" from a connection you've left with your browser. If you move from one website to another, before the first one has fully loaded, then the firewall will log the un-used packets from the first site as "Stealth Mode connection attempt" because your browser is no longer listening to that site. Note that all the "attempts" are on port 80 (http).
I find, quite often, that ads and images from sites, other than the one you're actually visiting, can take quite a while to arrive, so if you've moved on at least a few packets are wandering around the 'net looking for a home.
-
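The reply in the "How to interpret firewall log?" thread above reads these entries as late packets from a web server (source port 80) reaching a client port the browser has already closed. The Python sketch below is an added example, not part of the original thread; it applies that reasoning to lines in the quoted log format, and its port thresholds, verdict names and sample lines (documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

EPHEMERAL_MIN = 49152  # assumption: lowest client-side (ephemeral) port
SWEEP_THRESHOLD = 3    # assumption: this many distinct service ports = sweep

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s+\S+\s+\w+(?:\[\d+\])?:\s+"
    r"Stealth Mode connection attempt to (?P<proto>\w+)\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\s+from\s+"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)\s*$"
)

# Constructed sample input (documentation addresses), not taken from a real log.
SAMPLE_LOG = """\
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52668 from 192.0.2.10:80
Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52671 from 192.0.2.10:80
Sep 7 14:10:45 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52678 from 192.0.2.10:80
Sep 7 14:12:01 iMac-G5 Firewall[37]: Stealth Mode connection attempt to TCP 10.0.1.3:22 from 198.51.100.7:40112
Sep 7 14:12:01 iMac-G5 Firewall[37]: Stealth Mode connection attempt to TCP 10.0.1.3:23 from 198.51.100.7:40113
Sep 7 14:12:02 iMac-G5 Firewall[37]: Stealth Mode connection attempt to TCP 10.0.1.3:445 from 198.51.100.7:40114
Sep 7 14:15:30 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:51413 from 203.0.113.5:6881
Sep 7 14:16:00 iMac-G5 ipfw: some unrelated message
"""


def parse_line(line):
    """Return a dict of fields, or None if the line is not a stealth-mode entry."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dst_port"] = int(rec["dst_port"])
    rec["src_port"] = int(rec["src_port"])
    return rec


def classify(rec):
    """Label one entry by which side of the connection looks like the server."""
    if rec["src_port"] < 1024 and rec["dst_port"] >= EPHEMERAL_MIN:
        return "late_reply"    # server port -> a client port we had opened
    if rec["dst_port"] < EPHEMERAL_MIN:
        return "unsolicited"   # aimed below the client port range
    return "ambiguous"         # both ports high: P2P, forwarded port, etc.


def triage(log_text):
    """Group entries by source address and give each source one verdict."""
    sources = defaultdict(lambda: {"count": 0, "kinds": set(), "ports": set()})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        kind = classify(rec)
        entry = sources[rec["src_ip"]]
        entry["count"] += 1
        entry["kinds"].add(kind)
        if kind == "unsolicited":
            entry["ports"].add(rec["dst_port"])
    report = {}
    for src, entry in sources.items():
        if len(entry["ports"]) >= SWEEP_THRESHOLD:
            verdict = "port_sweep"
        elif "unsolicited" in entry["kinds"]:
            verdict = "unsolicited"
        elif entry["kinds"] == {"late_reply"}:
            verdict = "late_reply"
        else:
            verdict = "ambiguous"
        report[src] = {"count": entry["count"], "verdict": verdict,
                       "ports": sorted(entry["ports"])}
    return report, skipped


if __name__ == "__main__":
    report, skipped = triage(SAMPLE_LOG)
    for src, info in sorted(report.items()):
        print(src, info["count"], info["verdict"], info["ports"])
    print("lines skipped:", skipped)
```

A "late_reply" verdict only means the port pattern matches the explanation given in the thread; it does not confirm that the local machine actually opened the connection.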
Firewall log - what's this mean?
I had a hardware router/firewall and IP address server, just down stream from my cable modem until that device died this week. I've reconfigured what I had to use my Airport Graphite to distribute IP addresses and share a single IP address for all the devices on the home network "using NAT and DHCP" and connected 2 computers and a network printer with a simple Ethernet switch/hub. (BTW, this provides noticeably faster speed to the internet!) I already had the OS 10.4 firewall turned on in the 2 MacBooks, but I also now enabled Stealth Mode and for the first time "Firewall logging."
So I later looked in the log file and I find:
"Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80"
10.0.1.8 is the IP for this MacBook. I think this says I'm being scanned by someone attempting to use port 52066 (???), from some other computer named 74.125.19.104 port 80 - is that correct? Should I be worried? Is there something else I should enable or disable? Naturally, I turned on the minimum number of services in the Firewall. BTW, how could I find out who/where 74.125.19.104 is? This went on for about 3 minutes last night but seems to have stopped now.
I think this also makes me believe I should go back to a hardware firewall upstream, right at the 'port of entry,' but I don't see much for sale these days (at home prices) that is a true firewall. I know a new Airport Extreme Basestation says it has a "built-in firewall" but I can't find any information about that feature, ie is it more than just NAT translation? Does anyone have a recommendation for a reasonably priced, easy to set up and manage firewall?
thanks!
I have Snort NIDS running on my computer and get port scans similar to this reported to me all the time from numerous websites - for example, from these very discussions.apple.com forums. Port 443 is a server https port, your port 49235 is in all likelihood the randomly created outbound port that you initially established a web browsing connection with, hence, assuming this to be an established connection, it would have been forwarded through your router to your computer (to your 192.168.x.x address). This IPA belongs to akamai.com, I think they handle a lot of online purchasing and online billing stuff and stuff that requires logging in in some manner or another -- were you paying bills or buying something online or in an authenticated website at the time this occurred?
I don't understand why these port scans from established connections to reputable web servers happen, but I don't believe them to be abnormal. Perhaps someone who is a subject matter expert in enterprise-class web servers could weigh in here and explain what may be going on here.
-
Passive FTP and the Leopard firewall
Hi,
We have an staff upload server that uses the built-in Leopard firewall. It is fed by two proprietary applications, one of which uses passive ftp only. We are getting a small number of incidents where the passive upload is unsuccessful. Initial contact is made (visible in the logs and as a connection in the server admin gui) but the upload doesn't proceed. A user might try uploading several times without success. On other occasions, the same user from the same computer has no problems at all.
We have the ftp service enabled on port 20-21 and the FTP service PASV port range enabled 49152-65535.
If I add the uploading computers' ip number to an access group with no port restrictions on the firewall, the uploads are always successful.
With my very limited knowledge of ftp and firewalls, this suggest that the negotiated port for the data transfer is outside the default port range used by Apple. Is this likely? Are there any implications in changing the range?
Or am I totally confused and should I be looking elsewhere?
Thanks,
Ross Glover
By default, the FTP server doesn't restrict itself to any particular passive port range. To make it match what the firewall claims it should be, edit the file /Library/FTPServer/Configuration/ftpaccess and add the line:
passive ports 0.0.0.0/0 49152 65535
...then restart the FTP service and retest.
-
Snow Leopard is extremely fast & stable for me on my 3 Macs. One problem though - I was unable to find the option to disable firewall logging which was available in Leopard.
System Profiler says firewall logging: No. But in the same System Profiler, appfirewall.log file keeps growing (with Stealth Mode enabled).
Is there a way to disable firewall logging or is it a bug that will be addressed in the next update?
Thanks for any help.
Best - KrishnaMohan.
I've found a way to disable logging while keeping stealth mode enabled. Unfortunately, it involves a little manual plist editing and converting from/to binary xml format. Here's what worked for me in a terminal session:
cd /Library/Preferences
sudo plutil -convert xml1 com.apple.alf.plist
Careful, that's a lower case 'L' and a number '1' above.
sudo nano com.apple.alf.plist
search (ctrl-W) for the key loggingenabled
change the integer value to 1
save the file (ctrl-O)
quit nano (ctrl-X)
sudo /usr/bin/plutil -convert binary1 com.apple.alf.plist
That should do it but to be safe you might want to log out and back in (or restart for overkill).
I don't know about others, but the volume of my denied connection attempts really taxed the appfirewall.log. Often there were several entries logged every second.
-
What does "P:2" mean in the firewall log?
i am getting entries like this in my firewall log:
63300 Deny P:2 169.254.68.70 224.0.0.251 in via en1
what is "P:2" and how should i deal with this kind of traffic? we are having some odd network issues related to the firewall so i'd like to make the P:2 stuff Allowed instead of Denied, but these entries have no port number and they are neither TCP nor UDP, so i can't see where in the UI to make a change...
right, 169.254.x.x would be one of the office machines that hasn't picked up an IP from the DHCP server yet. 224.0.0.251 is related to bonjour somehow... i am thinking that the machine with the self-assigned IP is using bonjour to talk to other machines on the LAN, or to discover the DHCP server or something like that.
but -- my problem is that i can't figure out what rule in the firewall is causing these P:2 packets to get denied, and likewise how i would go about changing the firewall to accept these packets. for now i've set up an address group for 169.254.0.0/16 and told the firewall to accept all traffic from those IPs, but i still don't understand what P:2 means or why these connections don't have an associated port (which implies that "allow all traffic" is doing something different than checking the box for every service in the list).
-
Hi, I just posted this in a different category on the forums, but I haven't received a response. Maybe this is a better category for the topic.
I have been having some trouble with the firewall log recently. I have firewall logging enabled in the security menu of System Preferences. I also have the firewall set to Allow Specific Programs. However, when I try to view the firewall log, the error that is returned to me in console is:
LSOpenFromURLSpec() returned -43 for application (null) path /var/log/appfirewall.log.
What does this error mean, and how can I go about fixing it? The firewall no longer asks me if I want to allow new programs that I run, and I thought this could be the culprit. I just did a clean install of Leopard, and now this has happened. Thanks for any help.
It likely means that for whatever reason you have no /var/log/appfirewall.log file.
At the very least, you should have the following file in /var/log:
$ ls -l /var/log/app*
-rw-r----- 1 root admin 47268 Dec 30 03:53 appfirewall.log
If you don't have one, you may need to create one; let me know if you're missing it and I'll give you further instructions.
-
Firewall Log Glossary or Definitions
Hello,
Does anyone know of a document that explains the various terms that appear in Leopard's firewall log?
Much obliged,
Gregory
Did you try searching the Knowledge Base at support.apple.com? Again, you might post the terms you would like explained. Searching Google for a specific term may also help. There would likely be one or more Wikipedia articles that pop up.
-
Firewall Log won't Display ??
Attempts to open the firewall log from the Advanced dialog of the preferences/security/firewall settings seem to be ignored. Clicking on the open log ... button results in momentary change of button to blue ... then blue highlight goes back to OK button.
I just turned on firewall protection, so maybe log is empty, but I'd still at least to see an empty log.
Nothing happens??? I'm logged in as an administrator.
What gives?
Looking at ipfw.log with the console reveals an empty log. Perhaps the log display in the advanced firewall settings ignores the open log request by design if the log is empty. ... I guess I would have expected to get a new dialog window showing an empty log ... as when you inspect the file with the console.
I checked my macpro the same way and found many rejected UDP's and Stealth Mode rejections ... but they come in bunches ... so attempts on sending to my new laptop might not have happened yet.
I'll keep this question open until enough time has expired that I would expect there to be some log entries ... and then see if the behavior still persists.
Thanks
-
Bit Confused About Leopard Firewall
Hey ya'll!
I'm a little confused about what's going on with the Leopard firewall. It seemed that before, you could choose an application, and which ports you wanted to associate with it, via the System Preferences > Sharing > Firewall tab. Now, they went and moved it, and you can only choose the app, and whether it can receive incoming connections. OK, fine. So let's see what ports are open:
Thee-MacBook:~ rick$ sudo ipfw list
Password:
33300 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any
Huh? How come I'm only seeing two rules here?
My original concern was for SoulseeX, and whether the required range of ports were open. While I can search and download, others have problems downloading from me, and I cannot directly connect to others, and other weirdness. So I decided to start checking things out.
I do have SoulseeX listed in the Firewall tab, and set to receive incoming connections. But when I used this site <http://closer.s11.xrea.com/etc/port_scan.php> to test port 2234, it returned "failed".
In short, here's what I'm wondering:
Is the Firewall tab in System Preferences using ipfw?
By setting an app in the Firewall tab in System Preferences, is the entire range of ports the app wants, in SoulseeX' case, 2234, 2235, 2236, 2237, 2238, 2239, and 2240, made available?
How can I see what rules are being used, what ports are open?
Will writing (a couple of) my own rules to ipfw screw up the other settings in the Firewall tab? I would, if possible, like to keeps things simple, and not have to rewrite all the rules by hand. Besides, I'm not exactly an expert!
TIA!
Leopard's application firewall is not a port firewall. I'm not sure where you would be able to see the actual port numbers that an application has opened, but your failures may be due to the ports being stealthed. The ipfw firewall is still there if you want to use it - the new firewall won't overrule it.
-
Frequently I see in the console that firewall logging cuts out. It's happening again today and hope someone could identify why.
I only use mac for small amount of surfing and have no additional applications installed at the moment due to just reinstalling OS.
F/W settings are to allow only essential services, stealth mode on.
After firewall stopped logging at 09.41, "All Messages" in console shows:
21/04/2010 09:45:58 /usr/sbin/ocspd[163] starting
21/04/2010 09:51:34 [0x0-0x11011].com.apple.Safari[110] pty 1
21/04/2010 09:51:34 [0x0-0x11011].com.apple.Safari[110] Canceleld; 0; Empty 1
and then plenty of repeats of the 3rd line above: "...Canceleld; 0; Empty 1" until 11.28 a.m.
Firewall log:
Apr 21 09:40:12 ***-macbook Firewall[37]: Stealth Mode connection attempt to TCP 192.168.1.nn:50221 from nnn.nnn.nnn.nnn:80
Apr 21 09:41:01 ***-macbook Firewall[37]: Stealth Mode connection attempt to TCP 192.168.1.nn:50221 from nnn.nnn.nnn.nnn:80
Can't help you, sorry, but I also have many instances of the "....Canceleld; 0; Empty 1"
Given the mis-spelling of the error message, it should be fairly easy for someone at Apple to identify what's causing this error at least, if not the cause.
-
I had closed Firefox after briefly running it and then tried to reopen it anew but got a message that said "Firefox is already running but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
I logged off my computer, and later restarted. However, when I checked my Firewall log it showed that during the minute I had my computer on earlier there were about a dozen instances of "Firefox is preparing to access the internet" which were recorded just seconds apart.
I don't have the problem now -- restarting apparently took care of the issue -- but I don't understand why there were so many instances of Firefox preparing to access the internet when I was not clicking on it all those times, the one time I did I got a message that it already was running, and there were no tabs on my screen to reflect all those supposed instances.
Thanks for any insight that folks can offer.
Were those Firefox processes or plugin-container processes?
* http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
* https://support.mozilla.org/kb/What+is+plugin-container
In case you are using "Clear history when Firefox closes", try to exclude the cookies in case you currently have selected this.
* Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
* https://support.mozilla.org/kb/Clear+Recent+History
Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.
Firefox will try to remove cookies created by plugins in case you clear the cookies and that can result in plugin-container processes getting created.