I've got a strong pb and would like to have any opinion.... specialist, HELP!!
I've iptabes working fine since many 8 months but since some days stranges things appears. The main is today's : I've got a internal nated network with one DNS server in a pseudo-dmz (private ip) with SSH install on it. SSH is seted up allowing only DSA auth. The iptables gateway allow only the DNS (udp) traffic to be DNATed throught the DNS server. Not the SSH, used only internally, and nothing else UDP 53 packet. However, the forward chain log me many and many packets wich come from my DNS server port 22 to a public external ip. Since i've not allowed such a connection in my forward chain neither in the DNAT table, i don't understand how such a behaviour could be happen. Is it an intrususion? To stop this, i stoped the ssh demaon on the DNS server, but i would like to know what happened. Thanks for your help Vincent
