Sounds like a Cisco Router to me. -----Oorspronkelijk bericht----- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Christopher Kruslicky Verzonden: zondag 1 mei 2005 2:46 Aan: misc@openbsd.org CC: adrian kok Onderwerp: Re: firewall log
On Saturday 30 April 2005 06:01 pm, adrian kok wrote: > 1/ Why are there 3 ipaddresses in this log what is source and > destination address? Because you have gotten an ICMP error message that includes an IP in the data. > 2/ 172.17.217.168 should be private ip and that address should not be > in public network How is it related to address 68.50.185.xxx? > What is happening here? source > destination > Apr 29 09:35:21.757779 rule 0/0(match): block in on > fxp0: > 203.xx.xx.251 > 68.50.185.xxx: icmp: host > 172.17.217.168 unreachable - admin prohibited filter It _looks_ like you (68.50.185.xxx) sent something (ping?) to the 172 address and it was blocked by a router at the 203 address, this would be the message returned. Whether you actually sent such a packet I don't know, seems if PF were keeping state this packet wouldn't be blocked if you had sent the earlier packet. Could it be that a packet to 172.17.217.168 took the default route and the 203 address is a border router?
