Hi List, I run a small server with a permanent internet connection. This server acts as proxy to supply about 10 win clients with access to the internet. The internal network uses addresses like 192.168.1.n (that's on my eth0). I use the "personal firewall" to block all incoming connections on my eth1 (the internet side). I am confused by the following messages in my firewall log: Nov 12 16:01:25 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19680 F=0x0000 T=60 SYN (#21) Nov 12 16:01:45 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19681 F=0x0000 T=60 SYN (#21) Nov 12 16:02:05 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19682 F=0x0000 T=60 SYN (#21) Nov 12 16:02:45 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:8770 192.168.250.0:37 L=44 S=0x00 I=19683 F=0x0000 T=60 SYN (#21) Nov 12 16:02:54 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19685 F=0x0000 T=60 SYN (#21) Nov 12 16:02:59 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19686 F=0x0000 T=60 SYN (#21) Nov 12 16:03:09 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19687 F=0x0000 T=60 SYN (#21) Nov 12 16:03:29 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19688 F=0x0000 T=60 SYN (#21) Nov 12 16:03:49 server kernel: Packet log: rulchain REJECT eth1 PROTO=6 192.168.250.111:2627 192.168.250.0:37 L=44 S=0x00 I=19689 F=0x0000 T=60 SYN (#21) This really fills up my log file. What confuses me is the fact that the source (192.168.250.111) is not part of my subnet and that the dest. (192.168.250.0) is not my computer. I do not understand how this class c type packets get on my network segment (when I understand things right, those addresses are not routed at all). I just can tell that as soon as I pull the plug of eth1 those messages vanish (no big surprise). I am not an computer expert so forgive me in case this is a totally stupid question. But I could not find an answer to my question in the literature... Thank you for your help, Josef -- J. Frohn -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net