Here's what I got. I placed it in an attachment. On Sunday 23 April 2006 18:32, Darryl Gregorash wrote:
On 23/04/06 13:43, Andres Mejia wrote:
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:10:b5:8d:af:fb:00:0c:6e:63:11:af:08:00 SRC=192.168.0.2 DST=192.168.0.101 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=139 DF PROTO=UDP SPT=137 DPT=1028 LEN=70
Packets were being dropped because of the destination ports that were being chosen. Here you see DPT=1028, but I saw ports being randomly picked between 1024 and 1030.
You've never said which machine this was taken from, but I am certain it is from your client machine. It is also a unicast packet, so it is certainly in response to something else that was already sent by that machine -- a samba server simply just does not emit an arbitrary unicast message on port 137 with some arbitrary port as the destination.
It is absolutely impossible to know why any particular network packet was dropped without knowing all the details of the firewall configuration. What do you get from running this on the client machine:
iptables-save |grep -i input_ext