127.0.0.1 coming in from eth0?

To: debian-firewall@lists.debian.org
Subject: 127.0.0.1 coming in from eth0?
From: Mikko Kilpikoski <mikko.kilpikoski@ravalik.fi>
Date: Mon, 15 Sep 2003 13:31:37 +0300
Message-id: <[🔎] 3F659509.5020504@ravalik.fi>

Hi.

I have small trouble with firewall logs getting spammed with

REJECT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=127.0.0.1DST=in.d.m.z LEN=40 TOS=0x00 PREC=0x00 TTL=122 ID=nnnnn PROTO=TCP SPT=80DPT=x WINDOW=0 RES=0x00 ACK RST URGP=0

where eth0 is internet, dst varies between the hosts in dmz (eth1) anddpt varies between about 1k-2k. The time between packets vary between 10seconds to 2 minutes. It doesn't seem to be doing anything serious.

System is woody with 2.4.22 ebtables-brnf bridgeing firewall (ebtablesoff, monolithic kernel). Also eth2 is private 192.0.0.0/24 lan, withmasquerading. Both br0 and eth2 have ip addresses.

I reported this to isp, but they haven't noticed anything strange withthe connection. Someone told me that this could be a nic going bad. Anyideas how to find out where the packets originate from and what to doabout it? I can't have the connection off for very long.


--
Mikko Kilpikoski

Reply to:

Follow-Ups:
- Re: 127.0.0.1 coming in from eth0?
  - From: Mikko Kilpikoski <mikko.kilpikoski@ravalik.fi>
- Re: 127.0.0.1 coming in from eth0?
  - From: Fabricio Cannini <fabriciocannini@yahoo.com.br>

Prev by Date: Re: 2 NIC and arpwatch
Next by Date: Re: 127.0.0.1 coming in from eth0?
Previous by thread: Re: 2 NIC and arpwatch
Next by thread: Re: 127.0.0.1 coming in from eth0?
Index(es):
- Date
- Thread