Dear all, I wonder if anyone can help explain why I get the following log entries:

Mar 3 17:57:31 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.201 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=53426 DF PROTO=UDP SPT=53 DPT=1603 LEN=42

(repeated 4x, followed by the same, 4x, but with DPT=1607)

These happen at seemingly random times, about once every week or so.

My Bering LEAF system is set up with three interfaces - eth0 is the outside, eth1 is a local net, and eth2 is a dmz. Otherwise it's pretty much "out of the box" from Jacques Nilo's site. I am using static IPs on all machines (no dhcp).

I don't understand why the firewall should be contacting one of the localnet machines, why port 53 is the source instead of a destination, as it would be for a DNS query, and why it picks only on 192.168.1.201.

192.168.1.201 is a Windows machine on the local net, but there is another one at 192.168.1.200, which doesn't appear to get these rejected logs. Why not?

The machine on 192.168.1.201 is a laptop driven by my teenage son... I am always a little nervous that something weird is going on on that machine, but can't find anything so far. I've done numerous virus scans and have asked my son what he was running at the time of the logs, but that hasn't gotten me very far as yet.

Does anyone recognize this kind of activity?

Thanks for any advice...

Jabez
