Hi again, This is what I have set up Internet-------------->>>>> ADSL Router>>>>>>>NT SBS with SMTP only - plus firewall and Proxy --------------------->>>>> Same >>>>>>>>>>>>>Linux 7.3 Suse - Web Server + forward rules to DB server The NT machine is connected to our internal network it has 2 nic's 10.0.0.xxx plus 62.49.zzz.xxx (as in the log) The Linux machine is also connected to our internal network it too has 2 nic's 10.0.0.5 plus 62.49.zzz.yyy. Are the packets somehow getting past the NT firewall - how can I tell where they are coming from. Regards Kevin -----Original Message----- From: Michael Appeldorn [mailto:appeldorn@codixx.de] Sent: 08 March 2002 14:40 To: SuSE Security (E-mail); Kevin Passey Subject: Re: [suse-security] Firewall2 log - What does this mean Quite easy [snip] What does "kernel: martian source aabbccdd for 11223344, dev eth0" mean? These are packets that Linux does not expect from the direction they came from (i.e. packets from internal hosts coming in on the external interface). The cause is probably a misconfigured machine on your LAN. You can turn off logging those packets via /proc/sys/net/ipv4/conf/*interface*/log_martians which is documented in /usr/src/linux/Documentation/proc.txt [snap] Michael Appeldorn