[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] coming in from eth0?


I have small trouble with firewall logs getting spammed with

REJECT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC= DST=in.d.m.z LEN=40 TOS=0x00 PREC=0x00 TTL=122 ID=nnnnn PROTO=TCP SPT=80 DPT=x WINDOW=0 RES=0x00 ACK RST URGP=0

where eth0 is internet, dst varies between the hosts in dmz (eth1) and dpt varies between about 1k-2k. The time between packets vary between 10 seconds to 2 minutes. It doesn't seem to be doing anything serious.

System is woody with 2.4.22 ebtables-brnf bridgeing firewall (ebtables off, monolithic kernel). Also eth2 is private lan, with masquerading. Both br0 and eth2 have ip addresses.

I reported this to isp, but they haven't noticed anything strange with the connection. Someone told me that this could be a nic going bad. Any ideas how to find out where the packets originate from and what to do about it? I can't have the connection off for very long.

Mikko Kilpikoski

Reply to: