[svlug] packets from gateway

S step1b at cyberspace.org
Mon Jan 7 21:22:02 PST 2002


Jan  6 04:49:14 localhost kernel: Packet log: input DENY eth0 PROTO=1
192.168.1.254:3 external_ip:1 L=56 S=0x00 I=8892 F=0x0000 T=255 (#4)


Jan  8 06:21:00 localhost kernel: Packet log: input DENY eth0 PROTO=17
192.168.1.254:1246 255.255.255.255:53 L=74 S=0x00 I=0 F=0x0000 T=255 (#4)           

Dec 30 04:14:45 localhost kernel: Packet log: input DENY eth0 PROTO=1
192.168.1.254:3 192.168.1.97:1 L=56 S=0x00 I=8071 F=0x0000 T=255 (#3)

Hi

Can somebody explain the above entries, these are filling up my logs
since two weeks. 192.168.1.254 is our gateway, and portsentry has
blocked this ip.

There are two ip addrs to this machine, one internal and one external.
and I have ftp server running. further, to disable access to the local
lan in case of an attack, i have this in the ipchains: (on eth0).
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
REJECT     all  ----l-  192.168.1.97         192.168.1.0/24        n/a   


Am I doing sensible?

thanks.
S




More information about the svlug mailing list