The ICMP type 3 code 1 is host unreachable. And the entry is referring to one packet only (with information about earlier packet)
So it seems that somehow your machine is trying to connect 10.0.0.150 (Don't fragment bit set, UDP traffic with incomplete header) and it gets host unreachable from router connected to the specific network (firewall). You should use tcdump to see the original UDP packet for extra info. rgds, Harri > -----Original Message----- > From: ext Pablo Trincavelli [mailto:[EMAIL PROTECTED]] > Sent: 01 January, 2002 14:23 > To: [EMAIL PROTECTED] > Subject: IPTABLES log entry > > > I'm getting this log entry and I'm not sure what it means, can anyone > help me with this? > > Jan 1 09:57:45 fire01 kernel: Firewall:IN=lo OUT= > MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.0.0.10 > DST=192.168.1.2 LEN=62 TOS=0x00 PREC=0xC0 TTL=255 ID=20450 PROTO=ICMP > TYPE=3 CODE=1 [SRC=192.168.1.2 DST=10.0.0.150 LEN=34 TOS=0x00 > PREC=0x00 > TTL=63 ID=27857 DF PROTO=UDP INCOMPLETE [2 bytes] ] > > First the 10.0.0.10 IP is trying to send something to 192.168.1.2 (my > workstation) and then 192.168.1.2 (my workstation) is trying to send > something to 10.0.0.150, what's this? > > I do not have any machine with IP 10.0.0.150, could it be my ADSL > router?, but my /etc/hosts from my linux firewall is like this: > > 127.0.0.1 localhost.localdomain localhost > 10.0.0.10 fire01 > 192.168.1.3 fire01 > 192.168.1.2 darkstar > 192.168.1.4 fire01 > > (yes, my firewall have two internal ethernet cards 192.168.1.3 and > 192.168.1.4) > > My setup is like this: > > INTERNET ---> ADSL router----> Linux Firewall (fire01)-----> My > workstation (darkstar) > > The log entry is from my Linux Firewall (fire01) > > Thanx and Happy New Year!! > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
