127.0.0.1 coming in from eth0?
Hi.
I have small trouble with firewall logs getting spammed with
REJECT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=127.0.0.1
DST=in.d.m.z LEN=40 TOS=0x00 PREC=0x00 TTL=122 ID=nnnnn PROTO=TCP SPT=80
DPT=x WINDOW=0 RES=0x00 ACK RST URGP=0
where eth0 is internet, dst varies between the hosts in dmz (eth1) and
dpt varies between about 1k-2k. The time between packets vary between 10
seconds to 2 minutes. It doesn't seem to be doing anything serious.
System is woody with 2.4.22 ebtables-brnf bridgeing firewall (ebtables
off, monolithic kernel). Also eth2 is private 192.0.0.0/24 lan, with
masquerading. Both br0 and eth2 have ip addresses.
I reported this to isp, but they haven't noticed anything strange with
the connection. Someone told me that this could be a nic going bad. Any
ideas how to find out where the packets originate from and what to do
about it? I can't have the connection off for very long.
--
Mikko Kilpikoski
Reply to: