On Tue, 13 Nov 2001, Ray Leach wrote:
Hi
sis.frohn@gmx.de wrote:
Hi List,
I run a small server with a permanent internet connection. This server acts as proxy to supply about 10 win clients with access to the internet. The internal network uses addresses like 192.168.1.n (that's on my eth0).
What is your subnet mask?
My subnet (internet side, eth1) uses addresses like 212.something
I use the "personal firewall" to block all incoming connections on my eth1 (the internet side).
I am confused by the following messages in my firewall log:
Nov 12 16:01:25 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19680 F=0x0000 T=60 SYN (#21)
These could be SYN packets that are new connections coming from the internet. Your ISP may have you on a 192.168.250.x subnet.
No. And I contacted the provider but have no response so far. I can't even ping that machine (192.168.250.111 - not very friendly).
Nov 12 16:01:45 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19681 F=0x0000 T=60 SYN (#21)
Nov 12 16:02:05 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19682 F=0x0000 T=60 SYN (#21)
Nov 12 16:02:45 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19683 F=0x0000 T=60 SYN (#21)
Nov 12 16:02:54 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19685 F=0x0000 T=60 SYN (#21)
Nov 12 16:02:59 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19686 F=0x0000 T=60 SYN (#21)
Nov 12 16:03:09 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19687 F=0x0000 T=60 SYN (#21)
Nov 12 16:03:29 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19688 F=0x0000 T=60 SYN (#21)
Nov 12 16:03:49 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19689 F=0x0000 T=60 SYN (#21)
This really fills up my log file.
What confuses me is the fact that the source (192.168.250.111) is not part of my subnet and that the dest. (192.168.250.0) is not my computer.
I do not understand how these class C type packets get on my network segment (if I understand things right, those addresses are not routed at all). I can just tell that as soon as I pull the plug of eth1 those messages vanish (no big surprise).
I am not a computer expert so forgive me in case this is a totally stupid question. But I could not find an answer to my question in the literature...
Thank you for your help,
Josef
-- J. Frohn
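One way to condense entries like the ones quoted in this thread, as an added example that is not part of the original messages: a Python parser for ipchains "Packet log" lines that counts packets arriving on the external interface with an RFC 1918 source address. The function names and the `eth1` default are assumptions taken from the poster's setup, and the last sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# ipchains "Packet log" layout: chain, action, interface, protocol,
# source ip:port, destination ip:port, then L/S/I/F/T fields and flags.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*?T=(?P<ttl>\d+)(?P<syn> SYN)?"
)

# RFC 1918 private ranges; these should not arrive from the Internet side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_line(line):
    # Returns a dict of fields, or None if the line is not a packet log entry.
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["syn"] = rec["syn"] is not None
    for key in ("proto", "sport", "dport", "ttl"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines, external_iface="eth1"):
    """Count packets per (src, dst, dport) that carry a private source
    address but were logged on the external interface."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["iface"] == external_iface and is_private(rec["src"]):
            hits[(rec["src"], rec["dst"], rec["dport"])] += 1
    return hits

# First two lines are from the log in this thread; the third is constructed.
SAMPLE = [
    "Nov 12 16:01:25 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19680 F=0x0000 T=60 SYN (#21)",
    "Nov 12 16:02:54 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19685 F=0x0000 T=60 SYN (#21)",
    "Nov 12 16:04:00 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 203.0.113.5:4000 198.51.100.7:80 L=44 S=0x00 I=1 F=0x0000 T=52 (#21)",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```
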