The ICMP type 3 code 1 is host unreachable. And the entry is referring to
one packet only (with information about earlier packet)
So it seems that somehow your machine is trying to connect 10.0.0.150 (Don't
fragment bit set, UDP traffic with incomplete header) and it gets host
unreachable from router connected to the specific network (firewall).
You should use tcdump to see the original UDP packet for extra info.
rgds,
Harri
-Original Message-
From: ext Pablo Trincavelli [mailto:[EMAIL PROTECTED]]
Sent: 01 January, 2002 14:23
To: [EMAIL PROTECTED]
Subject: IPTABLES log entry
I'm getting this log entry and I'm not sure what it means, can anyone
help me with this?
Jan 1 09:57:45 fire01 kernel: Firewall:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.0.0.10
DST=192.168.1.2 LEN=62 TOS=0x00 PREC=0xC0 TTL=255 ID=20450 PROTO=ICMP
TYPE=3 CODE=1 [SRC=192.168.1.2 DST=10.0.0.150 LEN=34 TOS=0x00
PREC=0x00
TTL=63 ID=27857 DF PROTO=UDP INCOMPLETE [2 bytes] ]
First the 10.0.0.10 IP is trying to send something to 192.168.1.2 (my
workstation) and then 192.168.1.2 (my workstation) is trying to send
something to 10.0.0.150, what's this?
I do not have any machine with IP 10.0.0.150, could it be my ADSL
router?, but my /etc/hosts from my linux firewall is like this:
127.0.0.1 localhost.localdomain localhost
10.0.0.10 fire01
192.168.1.3 fire01
192.168.1.2 darkstar
192.168.1.4 fire01
(yes, my firewall have two internal ethernet cards 192.168.1.3 and
192.168.1.4)
My setup is like this:
INTERNET --- ADSL router Linux Firewall (fire01)- My
workstation (darkstar)
The log entry is from my Linux Firewall (fire01)
Thanx and Happy New Year!!
___
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
___
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls