At 07:56 PM 3/3/2003 -0800, Jabez McClelland wrote:
Dear all,

I wonder if anyone can help explain why I get the
following log entries:

Mar 3 17:57:31 firewall kernel:
Shorewall:all2all:REJECT:IN= OUT=eth1
SRC=192.168.1.254 DST=192.168.1.201 LEN=62 TOS=0x00
PREC=0x00 TTL=64 ID=53426 DF PROTO=UDP SPT=53 DPT=1603
LEN=42 (repeated 4x, followed by the same, 4x, but
with DPT=1607)

The obvious interpretation is that this is a response from a DNS server (dnscache?) running on the Bering firewall to a query from your son's laptop. Whether this "obvious" interpretation actually makes sense depends on things you haven't told us ... mainly, how do the other hosts on your LAN do DNS? If they use the Bering router, then I'm puzzled as to why it REJECTs DNS traffic to this one host. If they use something else, then it may be the case that you are running dnscache on the router but do not have Shorewall correctly configured to let it work ... but you don't normally notice it because the other hosts aren't using the router for DNS resolution.


If this doesn't hit the target, please tell us more of the details of your setup. The usual stuff; you know the routine.

These happen at seemingly random times, about once
every week or so. My Bering LEAF system is set up with
three interfaces - eth0 is the outside, eth1 is a
local net, and eth2 is a dmz.  Otherwise it's pretty
much "out of the box" from Jacques Nilo's site.  I am
using static IPs on all machines (no dhcp).  I don't
understand why the firewall should be contacting one
of the localnet machines, why port 53 is the source
instead of a destination, as it would be for a DNS
query, and why it picks only on 192.168.1.201.
192.168.1.201 is a Windows machine on the local net,
but there is another one at 192.168.1.200, which
doesn't appear to get these rejected logs.  Why not?

The machine on 192.168.1.201 is a laptop driven by my
teenage son...  I am always a little nervous that
something weird is going on on that machine, but can't
find anything so far. I've done numerous virus scans
and have asked my son what he was running at the time
of the logs, but that hasn't gotten me very far as
yet.

Does anyone recognize this kind of activity?






------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
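
The reading given in the reply (a rejected packet with an empty IN= and UDP SPT=53 is a DNS answer generated on the firewall itself), as an added example that is not part of the original message or of Shorewall: Python that parses Shorewall log lines and lists, per LAN client, the client ports whose answers were blocked. The function names, the ULEN key and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" then netfilter fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")

HEAD = "Mar 3 17:57:31 firewall kernel: Shorewall:all2all:REJECT:"
TAIL = " LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=53426 DF PROTO=UDP SPT=53 "
SAMPLE = [
    # Entry quoted in the message, and the DPT=1607 variant it mentions.
    HEAD + "IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.201" + TAIL + "DPT=1603 LEN=42",
    HEAD + "IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.201" + TAIL + "DPT=1607 LEN=42",
    # Constructed contrast: forwarded packet (IN= is set), so not firewall-generated.
    HEAD + "IN=eth2 OUT=eth1 SRC=192.168.2.10 DST=192.168.1.200" + TAIL + "DPT=1700 LEN=42",
    # Constructed: unrelated syslog line.
    "Mar 3 17:58:00 firewall cron: job done",
]

def parse(line):
    """Return a dict of log fields, or None if the line is not a Shorewall entry."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disp"]}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            continue  # bare flags such as DF carry no value
        if key == "LEN" and "LEN" in rec:
            key = "ULEN"  # second LEN is the UDP length; the first is the IP length
        rec[key] = val
    return rec

def is_blocked_local_dns_reply(rec):
    """Empty IN= means the firewall generated the packet; UDP SPT=53 marks a DNS answer."""
    return (rec is not None and rec["disposition"] in ("REJECT", "DROP")
            and rec.get("IN") == "" and rec.get("PROTO") == "UDP" and rec.get("SPT") == "53")

def summarize(lines):
    """Map each client address to the sorted client ports whose DNS answers were blocked."""
    out = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if is_blocked_local_dns_reply(rec):
            out[rec["DST"]].add(int(rec["DPT"]))
    return {dst: sorted(ports) for dst, ports in out.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A client that shows up here is sending DNS queries to the firewall, so the thing to check next is the Shorewall policy and rules covering traffic from the firewall to the local zone.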
