I run a small server with a permanent internet connection. This server acts as proxy to supply about 10 win clients with access to the internet. The internal network uses addresses like 192.168.1.n (that's on my eth0).
I am confused by the following messages in my firewall log:
Nov 12 16:01:25 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19680 F=0x0000 T=60 SYN (#21)
What confuses me is the fact that the source (192.168.250.111) is not part of my subnet and that the dest. (192.168.250.0) is not my computer.
So - the packets that are reject by the firewall come across the internet side of your box eth1 - while - so you wrote - eth0 is your interface to internal.
I do not understand how this class c type packets get on my network segment (when I understand things right, those addresses are not routed at all). I just can tell that as soon as I pull the plug of eth1 those messages vanish (no big surprise).
Its possible to receive packets with class C IP's from external interface - while this may be a lan to - the lan of your provider !!! The packets goes to destiniation port 37, protocol tcp - what is the time server !! Maybe 192.168.250.0 is the IP of your external interface ? Michael