I run a small server with a permanent internet connection. This server acts as proxy to supply about 10 win clients with access to the internet. The internal network uses addresses like 192.168.1.n (that's on my eth0).
I am confused by the following messages in my firewall log:
Nov 12 16:01:25 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19680 F=0x0000 T=60 SYN (#21)
What confuses me is the fact that the source (192.168.250.111) is not
of my subnet and that the dest. (192.168.250.0) is not my computer.
So - the packets that are reject by the firewall come across the internet side of your box eth1 - while - so you wrote - eth0 is your interface to internal.
I do not understand how this class c type packets get on my network segment (when I understand things right, those addresses are not routed at all). I just can tell that as soon as I pull the plug of eth1 those messages vanish (no big surprise).
Its possible to receive packets with class C IP's from external interface
On Wed, 14 Nov 2001, Michael Appeldorn wrote: part -
while this may be a lan to - the lan of your provider !!!
The packets goes to destiniation port 37, protocol tcp - what is the time server !!
Maybe 192.168.250.0 is the IP of your external interface ?
No, it isn't. It is a valid IP starting with 212.something. That is the LAN of the provider which is not a class c network. Yes, somebody want's to know the time. I do not assume an attack. I am just wandering why my firewall cares because the IPs do not match. Josef
Michael
-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net