Hello list, I am getting these hits showing up on my firewall box running Bering UcLibc 2.2.2 with shorewall 2.0. I am not sure why these are happening...
Dec 21 12:23:15 Kronos-Saskatoon Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:04:75:90:02:b2:00:0d:bc:26:c4:80:08:00 SRC=192.168.0.12 DST=154.123.247.142 LEN=44 TOS=00 PREC=0x00 TTL=127 ID=16967 DF PROTO=TCP SPT=1368 DPT=25 SEQ=767837137 ACK=0 WINDOW=8192 SYN URGP=0 My firewall rules clearly say that my mail server can e-mail outbound PORT 25 TCP. I am not sure why it looks like the mail server is trying to resolve to the external interface address. (154.123.247.142) These hits are generated 1:1 for every e-mail that comes in to our mail server at 192.168.0.12. My Policy looks like this: #SOURCE DEST POLICY LOG LIMIT:BURST # LEVEL loc net DROP ULOG net all DROP ULOG # If you want open access to the Internet from your Firewall # remove the comment from the following line. fw net ACCEPT fw loc ACCEPT # # THE FOLLOWING POLICY MUST BE LAST # all all REJECT ULOG My Rules look like this: #Allow Mail inbound DNAT net loc:192.168.0.150 tcp 25 #Postoffice (Mail relay - Virus / Spam scanner - Relay's mail to Exchange server @ 192.168.0.12) #Allow MAIL outbound FROM EXCHANGE ONLY!!! ACCEPT loc:192.168.0.12 net tcp 25 Can anyone tell me what could be happening here that would cause these hits? Am I missing something in my polices or rules? Thanks in advance! Troy ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
