antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  [Kerio 2.x] Rule 'Packet to unopened port received': Permitted
In filter.log, I see:
2,[21/Feb/2004 00:09:35] Rule 'Packet to unopened port received': Permitted: In UDP, 192.168.0.1:4096->localhost:514, Owner: no owner
I tried putting it into KPF's Trusted Added Group, but that didn't work. What exactly is this and is it something I can ignore (how?). I am using an old Netgear RT311 router (firmware v325).
Thank you in advance. 
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| Re: [Kerio 2.x] Rule 'Packet to unopened port received': Permitt
Since it's "to unopened port," there's nothing there to accept the packet, even if it gets through. That said, it's a syslog packet, which serves much the same purpose as SNMP, to send status and log messages to a computer on the network... if you want to capture them, you have to run a syslog daemon, something like Kiwi... here's a little syslog listener app you can use standalone, without installation, if you want to see what's being sent in them... I don't think they post it at the website, any longer.
It's not necessary to allow them, at all. Just a way of remotely cumulating and viewing log entries... Kerio 2.x is also able to send logs to a remote syslog daemon, just aside, if the correct checkbox is ticked in Administration...
--
I read Shakespeare and the Bible, and I can shoot dice. That's what I call a liberal education. |
|
TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY
| reply to antdude
Re: [Kerio 2.x] Rule 'Packet to unopened port rece
said by antdude  :
In filter.log, I see:
2,[21/Feb/2004 00:09:35] Rule 'Packet to unopened port received': Permitted: In UDP, 192.168.0.1:4096->localhost:514, Owner: no owner
Hmmm
Permitted?
Do you have "Is Running on an Internet Gateway" Checked? Unless you are running ICS it shouldn't be needed. If you want to drop all packets to unopened ports and are running ICS add a Block All IN rule as the final rule.
If you create a rule and tell it to permit or deny, from 192.168.0.1, IN, Local Port 514 and don't check "log when this rule matches", it won't be logged.
--
Dog and Butterfly |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by TheWiseGuy :
said by antdude :
In filter.log, I see:
2,[21/Feb/2004 00:09:35] Rule 'Packet to unopened port received': Permitted: In UDP, 192.168.0.1:4096->localhost:514, Owner: no owner
Hmmm
Permitted?
Do you have "Is Running on an Internet Gateway" Checked? Unless you are running ICS it shouldn't be needed. If you want to drop all packets to unopened ports and are running ICS add a Block All IN rule as the final rule.
If you create a rule and tell it to permit or deny, from 192.168.0.1, IN, Local Port 514 and don't check "log when this rule matches", it won't be logged.
Yes, I need it for VMware v4.0.5. Don't I or else VMware won't have Internet access? I will try that rule.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY
| said by antdude :
. Don't I or else VMware won't have Internet access?
Sorry I don't know whether you need "Is running on an Internet Gateway" for VMware or whether it is possible to run it simply by creating rules, it may be that Gateway mode is needed.
--
Dog and Butterfly |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  said by TheWiseGuy :
said by antdude :
. Don't I or else VMware won't have Internet access?
Sorry I don't know whether you need "Is running on an Internet Gateway" for VMware or whether it is possible to run it simply by creating rules, it may be that Gateway mode is needed.
Yeah, I think I saw that note about VMware and setting Internet Gateway in one of the threads in this forum. The rule not to log this issue works.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
WufDog
Cruise Ship Just Passing Through
join:2000-12-30
Kingwood, TX
2 edits | reply to antdude
Re: [Kerio 2.x] Rule 'Packet to unopened port received': Permitt
I have seen something similar with a friend running Connectix VPC.
I believe his had to do with with what looked like DHCP [involved ports 68 and 67]. He made a rule that permitted it and no log.
It was different from normal DHCP, the port numbers had to be reversed.
IN computername 0.0.0.0 Local 67 -> localhost 127.0.0.1 remote 68
-WufDog |
|
