Do you mean you got a log entry that looked like this?
Mar 19 16:55:09 trillian kernel: Packet log: input DENY eth1 PROTO=6
192.168.1.1:34539 192.168.1.2:1433 L=40 S=0x00 I=49099 F=0x0000
T=49 SYN (#8)
??
If so, then someone was poking at you. (Not uncommon.) If the kernel
denied a SYN/ACK and for some reason you can't connect to outside
hosts from the inside, then you've misconfigured your firewall.
Assuming your IP Masquerading works correctly, it is most likely the
case that someone was just poking at your firewall to see if something
would respond at 1433. Don't worry too much -- it isn't uncommon to
get scanned/poked/prodded from the Internet. (Even if you're connected
via DSL, cable modem, or just dial up PPP...) Your firewall is kindly
doing its job and not forwarding that packet to your inside network.
-Steve
On Mon, Mar 20, 2000 at 10:41:20AM +0100, Esteve Camps wrote:
> Hello,
>
> I have recently installed a firewall on my Linux machine. Some days ago
> I detected a line on /var/log/messages telling me that some computer has
> tried to send me a packet to 1433 port. I thought this port was
> Microsoft SQL Server one. It's posible it comes from another
> application?
>
> This kind of packets (those coming to 1433 port) generally appears when
> I navigate on WWW.
>
> Any suggestion ?
>
> Thanks in advance.
>
> Esteve Camps
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
--
______________________________________________________________________________
Steve Shah ([EMAIL PROTECTED]) | Alteon Web Systems Inc. (Developer/Sysadmin)
http://www.alteon.com | Voice: 408.360.5500 Fax: 408.360.5500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beating code into submission, one OS at a time...
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
