Your interpretation is a bit muddled and hard to understand. But let's see what we can do.

At 03:37 PM 2/10/03 -0500, [EMAIL PROTECTED] wrote:
Hello,

Looking at my firewall via the web browser I have the following situation within the current connections:

Masqueraded Connections::
udp src=192.168.1.44 1276 dst=194.109.6.65 123 --90 sec.
This is a connection to the NTP (Network Time Protocol) port on some outside server. If that host is also your DNS forwarder, that is just coincidence (DNS uses port 53, not 123).

unknown src=599 dst=10.0.0.138 dst=src=10.0.0.2 src=10.0.0.138 --47 sec. use=1
I infer from your comments that this is a connection to the DSL modem, but its format makes no sense to me.

tcp src=192.168.1.44 2010 dst=65.197.157.202 80 --74882 sec. ESTABLISHED
tcp src=192.168.1.97 1116 dst=208.254.63.58 80 --60133 sec. ESTABLISHED
Well, has whoever on your LAN uses those 2 workstations connected to Web servers at these addresses recently (in the last day, roughly)? The first one takes me to the World Chess Federation, the second to a site that apparently has no default page.

What timeout for inactive MASQ connections do you have set in your ipchains configuration script? By default, ipchains uses very short timeouts, short enough to be disruptive in everyday use, so firewall scripts often raise the timeouts quite a bit (with roughly 4000 MASQ ports available, port shortage is rare in small-LAN settings). Granted, 16 and 20 hours are long times, but these *may* simply be old connections that have not timed out yet. I can't say while knowing no details about your setup.

Or they may be something else. Increasingly, new services that might be blocked by network managers (think p2p services) are being set up to use port 80 as a fallback, since it is hard to have a LAN with meaningful access to the Internet if you block that port. So it is *possible* that these users are running something you don't want them running (though I must admit that my imagination fails me when I attempt to come up with illicit chess-related activity).

I understand the connection to the DNS server and the connection between firewall and ADSL modem, but I don't understand the other two connections.

Those ip-numbers seem to have a connection for a very, very long time. My question: is this normal behaviour or is there something wrong?



--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski					-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
-------------------------------------------------------------------------------
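
An added example, not part of the original message or of the LEAF project: a small Python parser for the connection listing quoted above that reports ESTABLISHED TCP entries with a large seconds field and sets aside lines that do not fit the layout, such as the "unknown" entry. The regular expression is inferred only from the four quoted lines, and the 8-hour threshold is an assumption to adjust to the MASQ timeouts actually configured.

```python
import re

# Constructed sample: the four entries quoted in the message above.
SAMPLE = """\
udp src=192.168.1.44 1276 dst=194.109.6.65 123 --90 sec.
unknown src=599 dst=10.0.0.138 dst=src=10.0.0.2 src=10.0.0.138 --47 sec. use=1
tcp src=192.168.1.44 2010 dst=65.197.157.202 80 --74882 sec. ESTABLISHED
tcp src=192.168.1.97 1116 dst=208.254.63.58 80 --60133 sec. ESTABLISHED
"""

# Layout assumed from the quoted lines: proto, src ip + port, dst ip + port,
# "--N sec.", then an optional state word.
ENTRY = re.compile(
    r"^(?P<proto>tcp|udp)\s+src=(?P<src>\d+(?:\.\d+){3})\s+(?P<sport>\d+)\s+"
    r"dst=(?P<dst>\d+(?:\.\d+){3})\s+(?P<dport>\d+)\s+"
    r"--(?P<secs>\d+) sec\.\s*(?P<state>\S*)\s*$"
)

def parse_listing(text):
    """Return (entries, rejects); rejects are lines that do not match the layout."""
    entries, rejects = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            rejects.append(line)  # keep for manual review instead of guessing
            continue
        e = m.groupdict()
        for key in ("sport", "dport", "secs"):
            e[key] = int(e[key])
        entries.append(e)
    return entries, rejects

def long_lived(entries, min_secs=8 * 3600):
    """ESTABLISHED TCP entries whose seconds field is >= min_secs, largest first."""
    hits = [e for e in entries
            if e["proto"] == "tcp" and e["state"] == "ESTABLISHED"
            and e["secs"] >= min_secs]
    return sorted(hits, key=lambda e: e["secs"], reverse=True)

if __name__ == "__main__":
    entries, rejects = parse_listing(SAMPLE)
    for e in long_lived(entries):
        print(f'{e["src"]}:{e["sport"]} -> {e["dst"]}:{e["dport"]} '
              f'{e["secs"] / 3600:.1f} h')
    for r in rejects:
        print("unparsed:", r)
```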


