I know "What's this in my logs" is a common query, but I really am confused this time. I'm getting a few of these in /var/log/messages per minute.
Jan 15 10:40:14 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254 .254:80 217.149.96.2:61797 L=44 S=0x00 I=23250 F=0x0000 T=60 (#42) Jan 15 10:40:29 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254 .254:80 217.149.96.2:61795 L=44 S=0x00 I=23251 F=0x0000 T=60 (#42) I'm confused because eth0 is my external interface. 217.149.96.2 is the ext IP of the firewall. 192.168.254.254 doesn't appear anywhere on the LAN. The log analyser at http://www.echogent.com/cgi-bin/fwlog.pl tells me it's a return packet from a website someone on my network is trying to view, but given the 192.168.x.x source address I'm not sure that's correct. One more thing that may be significant (or just simple coincidence), I had our ADSL service changed from NAT to no-NAT in December, and the NAT router's internal address was 192.168.254.254. I changed over from Eigerstein to Dachstein at the same time though (effectively starting from scratch), so I don't think it's possible I've got some old setting in the firewall still hidden somewhere. Does anyone have any ideas? thanks Julian -- [EMAIL PROTECTED] www.ljchurch.co.uk _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user