Hi Richard,

On 2001.07.18 17:56:28 +0100 Richard Ibbotson wrote:
The latest one says ..........
output DENY ippp0 PROTO=17 xxx.xxx.xxx.xxx:61555 194.247.47.47:53 L=61 S=0x00 I=4974 F=0x4000 T=63 (#5)
This means that your firewall (rule 5) has blocked a TCP (proto 17) packet, which would have gone out over ippp0 from you (xxx.xxx.xxx.xxx) to your ISP's nameserver. The incrementing source port number is nothing to worry about in itself, that is normal Linux behaviour.
The source of the data packet would seem to be the local machine. So far it started at port 36552 earlier on and now it's at port 61555 and still going up.
Just can't understand where it's coming from on the local machine?
You will have some process(es) running which need to do name queries (e.g. sendmail, samba, etc.). In /etc/resolv.conf you have defined your ISP's server, so all queries go to it. The firewall rule (sensibly) stops the ISDN link being brought up automatically - imagine how much cost you would have if each of those packets had dialed your ISP...

Once you find which daemons are causing the packets, and if you find you *need* them, then you will have to live with it. You could add a firewall rule to block these packets and not log them, or try using the /etc/ppp/ip-up script to rewrite resolv.conf as the ISDN link comes up and down (or run bind as a local caching-nameserver - see DNS-howto for info).

I had this problem a while ago, and fudged around it until I decided the best way to fix it (and loads of other issues!) was a DSL link :) hehehe!

HTH

Maf.
Thanks
-- Richard
--
Maf. King
Standby Exhibition Services

"It is easier to do a job right than to explain why you didn't." - Martin Van Buren
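
The log line discussed in this thread, decoded field by field, as an added example that is not part of the original e-mails. The field layout follows the ipchains packet-log format, protocol names come from the IANA protocol numbers, and all lines in `SAMPLE` other than the one quoted in the thread are constructed.

```python
import re
from collections import Counter

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

# chain, action, interface, protocol, src:port, dst:port, then IP header fields.
LOG_RE = re.compile(
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+?):(?P<sport>\d+) (?P<dst>\S+?):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

def parse_ipchains_log(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["tos"] = int(rec["tos"], 16)
    frag = int(rec["frag"], 16)
    rec["dont_fragment"] = bool(frag & 0x4000)   # DF bit of the flags/offset word
    rec["frag_offset"] = frag & 0x1FFF
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(lines):
    """Count logged packets per (action, protocol, destination, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_ipchains_log(line)
        if rec:
            counts[(rec["action"], rec["proto_name"], rec["dst"], rec["dport"])] += 1
    return counts

SAMPLE = [
    # Line quoted in the thread (source address masked by the poster).
    "output DENY ippp0 PROTO=17 xxx.xxx.xxx.xxx:61555 194.247.47.47:53 "
    "L=61 S=0x00 I=4974 F=0x4000 T=63 (#5)",
    # Constructed: an earlier packet using the lower source port mentioned.
    "output DENY ippp0 PROTO=17 xxx.xxx.xxx.xxx:36552 194.247.47.47:53 "
    "L=61 S=0x00 I=4801 F=0x4000 T=63 (#5)",
    "kernel: unrelated message",  # constructed noise line, skipped by the parser
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Grouping by destination and port rather than by source port makes the repeated queries collapse into one row, whatever ephemeral source port each packet used.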