Topic: Firewall logs, shows real strange stuff :s  (Read 2517 times)
« on: June 27, 2008, 21:48:00 »
Seb74 ***
Posts: 115

Shows lots of blocked (red X's) for all kinds of stuff.
Like my girlfriend, from the LAN, browsing the web. Lots of red X's showing her IP as source and the website IP port 80. Like the firewall has blocked her from accessing that site, but it hasn't cause she can browse just fine.

Also when people visit my webserver on OPT1, even though they access it fine, I get red X's in the Firewall log.

Something fishy about this or?

EDIT: Doesn't seem very consistent though, sometimes you get red X's for obviously non-blocked stuff, and other times not....hard to tell since logs seem to appear late. A friend who closed his Firefox after visiting my page showed up like 5 minutes later as blocked in my logs, and stuff like that.

Oh, and maybe I should add....THERE'S NEVER ANY GREEN MARKS....just red X's and nothing else in firewall logs.
« Last Edit: June 27, 2008, 21:55:51 by Seb74 »
« Reply #1 on: June 27, 2008, 22:40:19 »
Fred Grayson *****
Posts: 994

If you want 'green marks' in your firewall logs you have to define a filter to accept that specific traffic and in the filter enable logging. But with this your logs can be easily flooded.

--
Google is your friend and Bob's your uncle.
« Reply #2 on: June 27, 2008, 22:49:22 »
Seb74 ***
Posts: 115

Thanks, I just noticed....that way I can get green marks 'cause someone visits my webserver, just to have a few red ones 20-30 seconds later.

I noticed my girlfriend's web browsing only seems to mark red X's with destination google port 80.
<edit> No, sometimes there's other IPs too....and sometimes they show up like a few minutes after she left the pc....a whole bunch of google:80 and other sites' IPs :80....on the LAN, blocked from her pc </edit>

It's not like google doesn't work, everything works, it just fills up with illogical red X's for traffic that DOES PASS :s

Is it normal or what? The logs aren't really reliable?

Hard to reproduce though....sometimes she browses and nothing is logged....
« Last Edit: June 27, 2008, 22:54:47 by Seb74 »
« Reply #3 on: June 27, 2008, 22:58:10 »
Seb74 ***
Posts: 115

This is crazy.
Here are some logs, like 3-4 minutes after I quickly browsed through a bunch of sites on her pc.
My pc never seems to get stuck in the logs like this.


22:55:26.912221    LAN    192.168.0.4, port 2775    66.249.93.104, port 80    TCP
22:55:26.474762    LAN    192.168.0.4, port 2774    66.249.93.99, port 80    TCP
22:55:26.365432    LAN    192.168.0.4, port 2795    66.249.93.99, port 80    TCP
22:55:25.271841    LAN    192.168.0.4, port 2775    66.249.93.104, port 80    TCP
22:55:25.162473    LAN    192.168.0.4, port 2774    66.249.93.99, port 80    TCP
22:55:24.450010    LAN    192.168.0.4, port 2774    66.249.93.99, port 80    TCP
22:55:24.448414    LAN    192.168.0.4, port 2775    66.249.93.104, port 80    TCP
22:55:24.446976    LAN    192.168.0.4, port 2795    66.249.93.99, port 80    TCP
22:55:24.068905    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:55:16.960674    LAN    192.168.0.4, port 2788    213.136.35.39, port 80    TCP
22:55:11.930233    LAN    192.168.0.4, port 2788    213.136.35.39, port 80    TCP
22:55:09.437105    LAN    192.168.0.4, port 2788    213.136.35.39, port 80    TCP
22:54:45.575082    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:26.328184    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:16.704740    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:11.892996    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:09.380300    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:53:08.903113    LAN    192.168.0.4, port 2743    66.249.93.127, port 80    TCP
22:52:56.764447    LAN    192.168.0.4, port 2725    164.10.45.46, port 80    TCP
22:52:47.140981    LAN    192.168.0.4, port 2711    66.249.93.127, port 80    TCP
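
An added example, not part of the original thread: grouping the entries pasted above by connection and measuring the time between repeats shows each gap roughly doubling for the same source port, which is the timing of a TCP stack retransmitting a segment that gets no reply. The sample lines are copied from the post; the function names and the 1.6 to 2.4 ratio window are assumptions made for this example.

```python
import re
from collections import defaultdict

# Entries for two connections, copied from the log pasted in the post above.
SAMPLE = """\
22:55:24.068905    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:55:16.960674    LAN    192.168.0.4, port 2788    213.136.35.39, port 80    TCP
22:55:11.930233    LAN    192.168.0.4, port 2788    213.136.35.39, port 80    TCP
22:55:09.437105    LAN    192.168.0.4, port 2788    213.136.35.39, port 80    TCP
22:54:45.575082    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:26.328184    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:16.704740    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:11.892996    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
22:54:09.380300    LAN    192.168.0.4, port 2772    209.85.135.91, port 80    TCP
"""

# time, interface, source ip/port, destination ip/port, protocol
LINE = re.compile(
    r"(\d\d):(\d\d):(\d\d\.\d+)\s+(\S+)\s+"
    r"([\d.]+), port (\d+)\s+([\d.]+), port (\d+)\s+(\S+)")

def parse(text):
    """Map (src, sport, dst, dport, proto) to sorted timestamps in seconds."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip anything that is not a log entry
        h, mi, s, _iface, src, sport, dst, dport, proto = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        flows[(src, int(sport), dst, int(dport), proto)].append(t)
    return {k: sorted(v) for k, v in flows.items()}

def gaps(times):
    """Seconds between consecutive log entries of one connection."""
    return [round(b - a, 2) for a, b in zip(times, times[1:])]

def looks_like_backoff(times, lo=1.6, hi=2.4):
    """True when there are at least two gaps and each roughly doubles the last."""
    g = gaps(times)
    return len(g) >= 2 and all(lo <= b / a <= hi for a, b in zip(g, g[1:]))

def report(text):
    """Per connection: (list of gaps, whether the gaps keep doubling)."""
    return {k: (gaps(v), looks_like_backoff(v)) for k, v in parse(text).items()}

if __name__ == "__main__":
    for flow, (g, backoff) in report(SAMPLE).items():
        print(flow, g, "doubling gaps" if backoff else "")
```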
« Reply #4 on: June 27, 2008, 23:24:19 »
Fred Grayson *****
Posts: 994

Very rarely do I see a very small number of logged packets like you are showing. I don't have any idea what triggers it.

--
Google is your friend and Bob's your uncle.
« Reply #5 on: June 27, 2008, 23:43:10 »
Seb74 ***
Posts: 115

Quote: "Very rarely do I see a very small number of logged packets like you are showing. I don't have any idea what triggers it."
Ok, hope it's nothing to worry about. Things seem to work....just the firewall logs are crazy.

I won't look much at them anyway I guess, just for some troubleshooting sometime maybe, and then it might be confusing seeing bogus logs.

Same stuff sort of from the WAN side, showing people not being able to access my webserver even if they are seeing it, and showing more blocks of that after they closed their browser and left my site.

Thanks for the answer anyway.