firewall connection log

Nov 7th, 2009

Would need advice on the attached logs from a connection, obtained by tcpdump on a firewall.

46.56.76.34 is our global IP, which is NATed on the device. The private IP behind it hosts a website, which is inaccessible.

202.94.66.21 is the internet IP used to check if the site is reachable.

Please suggest what these logs indicate.

Thanks!

Herbert Baerten Mon, 11/09/2009 - 01:00

The capture shows the client (202.94.66.21) sending a TCP SYN, followed by 46.56.76.34 sending a TCP RST.

This means that either the NAT is not configured properly, or the access-list is not permitting the inbound traffic, or the traffic goes through but the server is not listening to port 443.

Check the syslogs, check the same capture on the inside interface, check if you can connect to the server (on its private IP address) from a client on the inside.

austin522 Tue, 11/10/2009 - 06:14

The logs attached in the notepad give me the feeling that when the connection is initiated from 202.94.66.21 to 46.56.76.34 on port 443, the server, which is 46.56.76.34, is replying with a RST packet. So this could be that the server is not listening on port 443.
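The SYN-then-RST pattern both replies describe, combined with the suggestion to compare against a capture on the inside interface, as an added example that is not part of the original thread. It assumes the one-line text format current tcpdump prints (the thread's attachment is not shown); the capture lines and the private address 10.0.0.10 are constructed for illustration.

```python
import re

# Assumption: modern tcpdump one-line TCP output, e.g.
# "01:00:00.0001 IP a.b.c.d.sport > e.f.g.h.dport: Flags [S], seq ..."
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def syn_outcomes(capture):
    """Map each SYN (client, cport, server, sport) to 'rst', 'synack' or 'no_reply'."""
    outcomes = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        flags = m["flags"]
        if flags == "S":                      # bare SYN: a new connection attempt
            outcomes.setdefault(src + dst, "no_reply")
        elif outcomes.get(dst + src) == "no_reply" and ("R" in flags or flags == "S."):
            outcomes[dst + src] = "rst" if "R" in flags else "synack"
    return outcomes

def diagnose(outside, inside, port=443):
    """Narrow down the causes listed in the thread from two interface captures."""
    out = [v for k, v in syn_outcomes(outside).items() if k[3] == port]
    ins = [v for k, v in syn_outcomes(inside).items() if k[3] == port]
    if not out:
        return "no SYN to the port seen on the outside interface"
    if "rst" not in out:
        return "outside SYN was not reset"
    if not ins:
        return "SYN never reached the inside: check NAT and the access-list"
    if "rst" in ins:
        return "server reset the SYN: nothing is listening on the port"
    return "server did not reset the inside SYN: check the return path"

# Constructed sample captures (10.0.0.10 is a hypothetical private address).
OUTSIDE = (
    "01:00:00.000100 IP 202.94.66.21.51234 > 46.56.76.34.443: Flags [S], seq 1000, win 65535, length 0\n"
    "01:00:00.000400 IP 46.56.76.34.443 > 202.94.66.21.51234: Flags [R.], seq 0, ack 1001, win 0, length 0\n"
)
INSIDE = (
    "01:00:00.000200 IP 202.94.66.21.51234 > 10.0.0.10.443: Flags [S], seq 1000, win 65535, length 0\n"
    "01:00:00.000300 IP 10.0.0.10.443 > 202.94.66.21.51234: Flags [R.], seq 0, ack 1001, win 0, length 0\n"
)
if __name__ == "__main__":
    print(diagnose(OUTSIDE, INSIDE))
```

An empty inside capture alongside the same outside capture points at the firewall (NAT or access-list) rather than the server.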
