After looking at my /var/log/messages, I find this one repeating all the time... May 18 08:25:18 fwpc kernel: Packet log: output REJECT eth0 PROTO=17 10.10.10.10:61000 198.162.0.1:137 L=96 S=0x00 I=55998 F=0x0000 T=127 (#54) It happens about every 1 to 2 seconds. The 10.10.10.10 is my external IP and the 198.162.0.1 is my internal IP. This machine's purpose is a firewall box. How do I get rid of this??? Thanks, Tom -- Tom Nielsen Neuro Logic Systems 805.389.5435 x18 www.neuro-logic.com
It seems like your firewall is rejecting UDP packets
being sent from 10.10.10.10 with src port 61000 to MS
port 137 on your host. Obviously your host is not
listeing ;).
Martin
--- Tom Nielsen
After looking at my /var/log/messages, I find this one repeating all the time...
May 18 08:25:18 fwpc kernel: Packet log: output REJECT eth0 PROTO=17 10.10.10.10:61000 198.162.0.1:137 L=96 S=0x00 I=55998 F=0x0000 T=127 (#54)
It happens about every 1 to 2 seconds.
The 10.10.10.10 is my external IP and the 198.162.0.1 is my internal IP. This machine's purpose is a firewall box.
How do I get rid of this???
Thanks, Tom
--
Tom Nielsen Neuro Logic Systems 805.389.5435 x18 www.neuro-logic.com
__________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
On Tuesday 20 May 2003 00.23, Tom Nielsen wrote:
After looking at my /var/log/messages, I find this one repeating all the time...
May 18 08:25:18 fwpc kernel: Packet log: output REJECT eth0 PROTO=17 10.10.10.10:61000 198.162.0.1:137 L=96 S=0x00 I=55998 F=0x0000 T=127 (#54)
It happens about every 1 to 2 seconds.
The 10.10.10.10 is my external IP and the 198.162.0.1 is my internal IP. This machine's purpose is a firewall box.
Are you running samba on that machine? Do you have some sort of reverse masquerading set up on that machine? Port 137 is something to do with windows file sharing, possibly netBIOS. The packet is rejected, so nothing gets through with this particular package, but it's still strange that it should get past the NAT. How exactly is the firewall configured?
--- Anders Johansson
On Tuesday 20 May 2003 00.23, Tom Nielsen wrote:
After looking at my /var/log/messages, I find this one repeating all the time...
May 18 08:25:18 fwpc kernel: Packet log: output REJECT eth0 PROTO=17 10.10.10.10:61000 198.162.0.1:137 L=96 S=0x00 I=55998 F=0x0000 T=127 (#54)
It happens about every 1 to 2 seconds.
The 10.10.10.10 is my external IP and the 198.162.0.1 is my internal IP. This machine's purpose is a firewall box.
Are you running samba on that machine?
Do you have some sort of reverse masquerading set up on that machine?
Port 137 is something to do with windows file sharing, possibly netBIOS.
It's wins netbios packet encapsulated in IP/UDP. Martin The
packet is rejected, so nothing gets through with this particular package, but it's still strange that it should get past the NAT. How exactly is the firewall configured?
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
On Mon, 2003-05-19 at 15:35, Martin wrote:
--- Anders Johansson
wrote: On Tuesday 20 May 2003 00.23, Tom Nielsen wrote:
After looking at my /var/log/messages, I find this one repeating all the time...
May 18 08:25:18 fwpc kernel: Packet log: output REJECT eth0 PROTO=17 10.10.10.10:61000 198.162.0.1:137 L=96 S=0x00 I=55998 F=0x0000 T=127 (#54)
It happens about every 1 to 2 seconds.
The 10.10.10.10 is my external IP and the 198.162.0.1 is my internal IP. This machine's purpose is a firewall box.
Are you running samba on that machine?
Do you have some sort of reverse masquerading set up on that machine?
Port 137 is something to do with windows file sharing, possibly netBIOS.
It's wins netbios packet encapsulated in IP/UDP.
Which means I should....? Tom
You should disable it on source host :) or just ignore
it if that's more feasible for you. In windows you
need to disable wins which I can't tell you how to do
of the top of my head.
Martin
--- Tom Nielsen
On Mon, 2003-05-19 at 15:35, Martin wrote:
On Tuesday 20 May 2003 00.23, Tom Nielsen wrote:
After looking at my /var/log/messages, I find
--- Anders Johansson
wrote: this one repeating all the
time...
May 18 08:25:18 fwpc kernel: Packet log: output REJECT eth0 PROTO=17 10.10.10.10:61000 198.162.0.1:137 L=96 S=0x00 I=55998 F=0x0000 T=127 (#54)
It happens about every 1 to 2 seconds.
The 10.10.10.10 is my external IP and the 198.162.0.1 is my internal IP. This machine's purpose is a firewall box.
Are you running samba on that machine?
Do you have some sort of reverse masquerading set up on that machine?
Port 137 is something to do with windows file sharing, possibly netBIOS.
It's wins netbios packet encapsulated in IP/UDP.
Which means I should....?
Tom
__________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
The machine that's having the problem isn't a windows machine....RH 7.0 Wait! I installed it 2 years ago as a firewall and it's been working fine sense. Both IPs are for the RH box which is running IP Chains Tom On Mon, 2003-05-19 at 15:51, Martin wrote:
You should disable it on source host :) or just ignore it if that's more feasible for you. In windows you need to disable wins which I can't tell you how to do of the top of my head.
Martin
--- Tom Nielsen
wrote: On Mon, 2003-05-19 at 15:35, Martin wrote:
On Tuesday 20 May 2003 00.23, Tom Nielsen wrote:
After looking at my /var/log/messages, I find
--- Anders Johansson
wrote: this one repeating all the
time...
May 18 08:25:18 fwpc kernel: Packet log: output REJECT eth0 PROTO=17 10.10.10.10:61000 198.162.0.1:137 L=96 S=0x00 I=55998 F=0x0000 T=127 (#54)
It happens about every 1 to 2 seconds.
The 10.10.10.10 is my external IP and the 198.162.0.1 is my internal IP. This machine's purpose is a firewall box.
Are you running samba on that machine?
Do you have some sort of reverse masquerading set up on that machine?
Port 137 is something to do with windows file sharing, possibly netBIOS.
It's wins netbios packet encapsulated in IP/UDP.
Which means I should....?
Tom
__________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
-- Tom Nielsen Neuro Logic Systems 805.389.5435 x18 www.neuro-logic.com
participants (3)
-
Anders Johansson
-
Martin
-
Tom Nielsen