[Solved] dropped tcp (syn) packets.

synet2k · May 18, 2010, 10:46pm

I am seeing lots of tcp syn being drop at my router. Anyone has any idea what’s wrong?

1175.121.240.2 is running Mikrotik with DNS
202.65.40.233 is running cpanel

07:42:47 firewall,info DROP INPUT input: in:bg0 out:(none), src-mac 00:20:9c:69:6a:1d, proto TCP (SYN), 202.65.40.233:45285->115.121.240.2:53, len 40
07:42:50 firewall,info DROP INPUT input: in:bg0 out:(none), src-mac 00:20:9c:69:6a:1d, proto TCP (SYN), 202.65.40.233:45285->115.121.240.2:53, len 40
07:42:51 firewall,info DROP INPUT input: in:bg0 out:(none), src-mac 00:20:9c:69:6a:1d, proto TCP (SYN), 202.65.40.233:45282->115.121.240.2:53, len 40
07:42:56 firewall,info DROP INPUT input: in:bg0 out:(none), src-mac 00:20:9c:69:6a:1d, proto TCP (SYN), 202.65.40.233:45285->115.121.240.2:53, len 40
07:42:58 firewall,info DROP INPUT input: in:bg0 out:(none), src-mac 00:20:9c:69:6a:1d, proto TCP (SYN), 202.65.40.233:45272->115.121.240.2:53, len 40
07:43:08 firewall,info DROP INPUT input: in:bg0 out:(none), src-mac 00:20:9c:69:6a:1d, proto TCP (SYN), 202.65.40.233:45285->115.121.240.2:53, len 40
07:43:11 firewall,info DROP INPUT input: in:bg0 out:(none), src-mac 00:20:9c:69:6a:1d, proto TCP (SYN), 202.65.40.233:45277->115.121.240.2:53, len 40

fewi · May 18, 2010, 11:22pm

Is “allow-remote-request” set to yes on the DNS server? Are there any firewall filters that block that port?

synet2k · May 18, 2010, 11:39pm

Yes, “allow-remote-request” is set to yes.

By default that port is block, but I have rules that only allows my subnet to connect to Mikrotik.

synet2k · May 18, 2010, 11:56pm

I finally solved it. It’s my typo error at one of the rules. Thanks.

flaguna · August 5, 2010, 4:41pm

Dear, I have same problem, which was your solution?
thanks