Firewall ACK DROP; help figure whats going on.

[CBx86]

A home network, low traffic. (AVG 200 kByte/s)

For curiosity i add the line:

Code: Select all

/usr/sbin/iptables -I zone_wan_dest_DROP -j LOG --log-prefix "IPTOut-Drop: " --log-level 4

Then i started see A LOT ACK @source https drop:

Code: Select all

Tue Mar 31 15:58:26 2020 kern.warn kernel: [13468.310544] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=3.217.50.203 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34478 DF PROTO=TCP SPT=443 DPT=2925 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x400
Tue Mar 31 15:58:26 2020 kern.warn kernel: [13468.328645] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=18.233.50.230 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=5523 DF PROTO=TCP SPT=443 DPT=2926 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x400
Tue Mar 31 16:00:37 2020 kern.warn kernel: [13599.351151] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=34.234.227.184 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=18265 DF PROTO=TCP SPT=443 DPT=2928 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x400
Tue Mar 31 16:08:35 2020 kern.warn kernel: [14076.734790] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=34.200.207.144 DST=myip.myip.myip.myip LEN=83 TOS=0x00 PREC=0x00 TTL=249 ID=55345 DF PROTO=TCP SPT=443 DPT=57972 WINDOW=117 RES=0x00 ACK PSH FIN URGP=0 MARK=0x400
Tue Mar 31 16:18:42 2020 kern.warn kernel: [14684.355581] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=172.217.29.14 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=126 ID=9503 PROTO=TCP SPT=443 DPT=39242 WINDOW=406 RES=0x00 ACK RST URGP=0 MARK=0x400
Tue Mar 31 16:18:42 2020 kern.warn kernel: [14684.373881] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=172.217.29.14 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=126 ID=9502 PROTO=TCP SPT=443 DPT=39242 WINDOW=406 RES=0x00 ACK RST URGP=0 MARK=0x400
Tue Mar 31 16:24:54 2020 kern.warn kernel: [15056.460646] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=216.58.202.202 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=0 DF PROTO=TCP SPT=443 DPT=34298 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x400
Tue Mar 31 16:33:42 2020 kern.warn kernel: [15584.442792] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=172.217.29.10 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=126 ID=27620 PROTO=TCP SPT=443 DPT=37004 WINDOW=386 RES=0x00 ACK RST URGP=0 MARK=0x400
Tue Mar 31 16:34:04 2020 kern.warn kernel: [15606.070890] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=172.217.29.10 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=126 ID=61956 PROTO=TCP SPT=443 DPT=37484 WINDOW=397 RES=0x00 ACK RST URGP=0 MARK=0x400
Tue Mar 31 16:34:36 2020 kern.warn kernel: [15638.235413] IPTIn-Drop: IN=pppoe-wan OUT= MAC= SRC=172.217.29.10 DST=myip.myip.myip.myip LEN=40 TOS=0x00 PREC=0x00 TTL=126 ID=4488 PROTO=TCP SPT=443 DPT=55354 WINDOW=397 RES=0x00 ACK RST URGP=0 MARK=0x400

And sometimes my stream service give a load, I cannot say that the events are linked. ACK Drop and Load on stream.

Code: Select all

  
3.217.50.203
18.233.50.230
34.234.227.184
AS14618 Amazon.com, Inc.

172.217.29.14
216.58.202.202
AS15169 Google LLC

72.217.29.10
AS22773 Cox Communications Inc

Can someone help-me figure? Or if it happens on your network?

Thanks!

[CBx86]

Delayed close connection.
Nothing to warn.