Hi, see inline comments.
From: Derek Byram [mailto:derek@byram.org.uk]
[snip lengthy log]
Hi,
This is my first post to this list and this is my part interpretation since you don't seem to be getting any other replies.
If I'm wrong perhaps it will stimulate someone to correct me and I will learn as well.
Address 195.130.232.21
derek@gargoyle:~> whois 195.130.232.21
[snip whois output]
and the logs re proto2 are being generated at roughly 1 minute intervals.
I reason that your own ISP, Tiscali, is pinging or port scanning you for its own reason.
Feb 18 16:10:50 myhost kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=62.135.1.27 DST=62.11.78.46 LEN=78 TOS=0x00 PREC=0x00 TTL=105 ID=2133 PROTO=UDP SPT=1026 DPT=137 LEN=58
This looks like a scan on your NetBIOS - (ports 137 to 139)
Now all that is left is a real expert on this list to tell us -
1) what protocol 2 does, if we need to worry about it and if there is anything sinister in the netbios scan, and
Protocol #2 is IGMP (Internet Group Management Protocol) and it broadcasts on 224.0.0.1. E.g. routers use this protocol to exchange information among each other. Have a look at /etc/sysconfig/scripts/SuSEfirewall2-custom; there should be a line like "#example: allow incoming multicast packets for any routing protocol". Enable the rules below by deleting the '#' to get rid of the messages in your logfile. (And make sure you restart SuSEfirewall2.)
2) if it's nothing to worry about, what you need in the firewall setup to allow these/this request/s.
It's nothing to worry about. Just a bit nasty if it fills your log.
3) explain about reserved ip addresses.
There are several ip-ranges, which are reserved for special use: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are private networks. Those address-ranges are not routed on the internet. 224.0.0.0 is a multicast network (see http://www.firewall.cx/multicast-ip-list.php for details)
Stands by ready with fire extinguisher for when the flames hit the fan ....
regards, Stefan
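
Added example (not part of the original messages): a small Python triage of SuSEfirewall2 drop lines along the lines discussed above, naming protocol 2 as IGMP, flagging NetBIOS ports 137 to 139, and classing the destination as multicast, private or public. The function names are my own, and the IGMP log line is constructed because the original log was snipped.

```python
import ipaddress
import re

NETBIOS_PORTS = {137, 138, 139}
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# First line is quoted in the thread; the second is constructed for illustration.
SAMPLE_LINES = [
    "Feb 18 16:10:50 myhost kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= "
    "SRC=62.135.1.27 DST=62.11.78.46 LEN=78 TOS=0x00 PREC=0x00 TTL=105 "
    "ID=2133 PROTO=UDP SPT=1026 DPT=137 LEN=58",
    "Feb 18 16:11:50 myhost kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= "
    "SRC=195.130.232.21 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 "
    "ID=0 PROTO=2",
]

def parse_fields(line):
    """Return KEY=VALUE pairs; the first LEN (IP length) wins over the UDP LEN."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)
    return fields

def address_class(addr):
    """Class an IPv4 address as multicast, private (RFC 1918) or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"

def classify(line):
    """Summarise one dropped-packet log line for quick triage."""
    f = parse_fields(line)
    # netfilter logs protocols it has no name for by number, so IGMP is PROTO=2
    proto = "IGMP" if f.get("PROTO") == "2" else f.get("PROTO", "?")
    dst_class = address_class(f["DST"])
    if proto == "IGMP" and dst_class == "multicast":
        note = "IGMP multicast"
    elif proto in ("UDP", "TCP") and int(f.get("DPT", 0)) in NETBIOS_PORTS:
        note = "NetBIOS probe"
    else:
        note = "other"
    return {"src": f["SRC"], "dst": f["DST"], "proto": proto,
            "dst_class": dst_class, "note": note}

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample))
```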