Help! Tonight, we lost our internet connection to the web completly. When checking out my logs on the DS cd v1.0.2 router/firewall, I found what seemed like hundreds of ESTABLISHED connections to my router from various IP numbers.
Here is a very small sample of what weblet showed as Current Connections (viewmasq); IP masquerading entries prot expire source destination ports tcp 221:27.27 192.168.1.6 216.136.233.129 1033 -> 5050 (64102) tcp 217:19.06 192.168.1.3 216.136.226.117 1027 -> 5050 (63591) Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.1.254:80 192.168.1.2:34654 ESTABLISHED tcp 0 0 192.168.1.254:80 192.168.1.2:34652 TIME_WAIT tcp 0 0 192.168.1.254:80 192.168.1.2:34651 TIME_WAIT tcp 0 0 192.168.1.254:80 192.168.1.2:34648 TIME_WAIT tcp 0 0 192.168.1.254:80 192.168.1.2:34647 TIME_WAIT udp 0 112 24.118.176.41:29434 192.203.230.10:53 ESTABLISHED udp 0 112 24.118.176.41:57815 198.41.0.4:53 ESTABLISHED udp 0 112 24.118.176.41:14956 198.32.64.12:53 ESTABLISHED udp 0 0 24.118.176.41:29756 128.63.2.53:53 ESTABLISHED udp 0 0 24.118.176.41:60355 192.112.36.4:53 ESTABLISHED udp 0 0 24.118.176.41:41054 192.112.36.4:53 ESTABLISHED udp 0 0 24.118.176.41:32748 128.63.2.53:53 ESTABLISHED udp 0 0 24.118.176.41:30375 192.112.36.4:53 ESTABLISHED udp 0 0 24.118.176.41:60529 198.41.0.10:53 ESTABLISHED udp 0 0 24.118.176.41:48569 192.5.5.241:53 ESTABLISHED udp 0 0 24.118.176.41:6072 192.5.5.241:53 ESTABLISHED udp 0 0 24.118.176.41:53941 192.33.4.12:53 ESTABLISHED udp 0 0 24.118.176.41:58580 192.36.148.17:53 ESTABLISHED udp 0 0 24.118.176.41:42257 192.33.4.12:53 ESTABLISHED udp 0 0 24.118.176.41:43835 192.5.5.241:53 ESTABLISHED udp 0 0 24.118.176.41:39480 192.203.230.10:53 ESTABLISHED udp 0 0 24.118.176.41:5089 193.0.14.129:53 ESTABLISHED udp 0 0 24.118.176.41:11945 202.12.27.33:53 ESTABLISHED udp 0 0 24.118.176.41:51961 198.41.0.10:53 ESTABLISHED udp 0 0 24.118.176.41:60227 198.32.64.12:53 ESTABLISHED udp 0 0 24.118.176.41:33408 128.8.10.90:53 ESTABLISHED It appears that somehow this load balancing thing of using port 53 is trying to implement my router to use as one of their active connections. Now I have various entries in my /etc/network.conf under SILENT_DENY to block port 53 scans without logging, but none of these IP numbers are listed there. Question 1, do I have to add these as well so they cannot CONNECT to my router? I don't believe that is the answer though. Question 2, what can I do to prevent this from happening? Question 3, is there anyway to kill those connections without having to reboot the firewall/router? I tried svi network stop then svi network reload with no luck. This has happened before, but never to the point of having soooo many Active Internet connections (w/o servers) to the point of killing our net access. Has anybody else had this happen to them? Thanks for any help you have to offer. Keep up the good work Charles, am looking forward to seeing Dachstein cd v1.0.3(?) being released soon (hopefully!, I understand you are a very busy man though) Steve _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
