HiHO...
Feb 3 14:55:33 mutter kernel: IP fw-in deny eth0 TCP 212.46.108.129:22990 212.xxx.xx.xxx:113 L=44 S=0x00 I=18080 F=0x0000 T=54
how to find the answer: first have a look, what service is contacted:
grep 113 /etc/services auth 113/tcp tap ident authentication
then have a look, what machine starts the connection:
nslookup 212.46.108.129
Name: www.netgroup.de Address: 212.46.108.129 o.k. and then think about, what you have to do with this server ?? as your internal ip-address starts with 212. i think, it could be your provider. so have a look at your official mailexchangers:
nslookup set qt=MX gosub.de
gosub.de preference = 10, mail exchanger = jupiter.netgroup.de gosub.de preference = 20, mail exchanger = sirius.netgroup.de gosub.de nameserver = jupiter.netgroup.de gosub.de nameserver = sirius.netgroup.de jupiter.netgroup.de internet address = 212.46.108.129 ^^^^^^^^^^^^^^ sirius.netgroup.de internet address = 195.138.34.209 so you got it: always when you contact to your isp for sending/ or fetching mail the smtp (or pop) daemon starts a try to check, if you really could be the one you claim to be... hint: i would set the rule for the authentication port to "reject" and not to "deny" - then you don't have to wait for the timeout. so far... stephan ____________________________________________________________ | .~. s.martin@odn.de | | /V\ fon +49(0)911.2256 03 | | /( )\ fax +49(0)911.2256 06 | | ^`~'^ mobile +49(0)173.380 43 12 | |___________________________________________________________|