It would appear to me that you have your GNAT Box configured to use itself as a DNS server. DNS runs on UDP at port 53. The interface at 10.3.2.111 is sending DNS queries to 10.3.2.111 (itself) at port 53. Those packets are being rejected and logged because by default there is no filter to allow them (and no service to process or respond to them, unless you have built a tunnel to a DNS server on the PSN, with the corresponding filter to allow the incoming traffic).
You should check your Internal and External DNS server entries in the GNAT Box and enable only the one that really exists on each interface (assuming that you are working with GNAT Box 3.x). If I remember correctly, GNAT Box 2.x only allows one DNS server entry, but again, it should be a valid DNS server on the PSN or on the EXT interface.

At 04:30 PM 01/02/2000 -0600, Cliff Pryce wrote:
> In my log files created by syslog.exe I have recently started receiving thousands of these entries per day:
>
> 17 5 Jan 2 16:09:36 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1346]->[10.3.2.111/53] l=41.
> 17 5 Jan 2 16:09:42 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1348]->[10.3.2.111/53] l=41.
> 17 5 Jan 2 16:09:47 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1350]->[10.3.2.111/53] l=41.
> 17 5 Jan 2 16:09:52 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1352]->[10.3.2.111/53] l=41.
> 17 5 Jan 2 16:09:57 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1354]->[10.3.2.111/53] l=41.
> 17 5 Jan 2 16:10:02 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1356]->[10.3.2.111/53] l=41.
>
> Having searched all the documentation, I can find no relative info for the "lo0" port.
>
> The IP that this is blocking is in fact my external IP address. This error/block continues even though all workstations have been shut down and the GNAT Box disconnected at the protected and external network cards.

At 05:21 PM 01/02/2000 -0800, Matthew Schalit wrote:
> It's ok because it comes from the local host. Buuuuut..... Here's the second instance in one day where I've read that someone's external registered IP address is on the Class A 10.x.y.z network, which is impossible as we all know that the 10.any.th.ing subnet is reserved for private LANs and is non-routable. I even saw an outbound trace that worked. I guess people are running some kind of network masq'ing.
If the EXT interface is not connected directly to the Internet, but rather to another private network, 10.x.x.x is a good choice for clarity, as it is a popular choice for private WAN addresses. I have also seen some xDSL Internet Providers using 10.x.x.x within their networks, between the Internet and Global IP addresses assigned to their subscribers, while providing full IP routing both ways on the network. -joeb
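As an added example (not part of the original thread and not GNAT Box code), here is a small Python triage script for the "Remote access filter blocks" lines quoted above. It parses the line format exactly as quoted, separates the box querying itself on UDP/53 over lo0 (the misconfigured DNS entry diagnosed above) from other blocked DNS and non-DNS traffic, counts which source address is doing it, and includes an explicit RFC 1918 check for the 10.x.x.x question. The sample log is constructed; the three lo0 lines copy the quoted entries, while the interface name "ext0" and the two non-loopback lines are assumptions used only for contrast.

```python
"""Triage GNAT Box "Remote access filter blocks" syslog lines.

Added example, not GNAT Box code. The line format follows the entries quoted
in the thread; "ext0" and the non-loopback lines in SAMPLE_LOG are constructed
assumptions used to contrast with the genuine lo0 pattern.
"""
import ipaddress
import re
from collections import Counter
from typing import Optional

# Constructed sample input. The leading "17 5" is copied verbatim from the
# quoted entries; the page does not explain it, so it is matched, not used.
SAMPLE_LOG = """\
17 5 Jan 2 16:09:36 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1346]->[10.3.2.111/53] l=41.
17 5 Jan 2 16:09:42 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1348]->[10.3.2.111/53] l=41.
17 5 Jan 2 16:09:47 FILTER: Remote access filter blocks: UDP lo0 [10.3.2.111/1350]->[10.3.2.111/53] l=41.
17 5 Jan 2 16:10:02 FILTER: Remote access filter blocks: UDP ext0 [192.0.2.45/2001]->[10.3.2.111/53] l=41.
17 5 Jan 2 16:10:05 FILTER: Remote access filter blocks: TCP ext0 [198.51.100.7/4412]->[10.3.2.111/23] l=60.
"""

LINE_RE = re.compile(
    r"^\d+ \d+ (?P<ts>[A-Za-z]{3} +\d+ \d\d:\d\d:\d\d) "
    r"FILTER: Remote access filter blocks: "
    r"(?P<proto>[A-Z]+) (?P<iface>\w+) "
    r"\[(?P<src>[\d.]+)/(?P<sport>\d+)\]->\[(?P<dst>[\d.]+)/(?P<dport>\d+)\] "
    r"l=(?P<length>\d+)\.$"
)

# The three RFC 1918 ranges, checked explicitly: ipaddress.is_private also
# covers documentation and other special-purpose blocks, which is not the
# question being asked in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls in 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_line(line: str) -> Optional[dict]:
    """Parse one filter-block line into a dict; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length"):
        rec[key] = int(rec[key])
    return rec


def classify(rec: dict) -> str:
    """Label a parsed record.

    self_dns:    UDP/53 on lo0 with src == dst, i.e. the box resolving
                 through itself (the misconfiguration diagnosed above).
    inbound_dns: DNS to the box from some other address.
    other:       anything else the filter dropped.
    """
    if rec["proto"] == "UDP" and rec["dport"] == 53:
        if rec["iface"] == "lo0" and rec["src"] == rec["dst"]:
            return "self_dns"
        return "inbound_dns"
    return "other"


def summarize(log_text: str) -> dict:
    """Count records per class and list the addresses querying themselves."""
    classes = Counter()
    self_sources = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        label = classify(rec)
        classes[label] += 1
        if label == "self_dns":
            self_sources[rec["src"]] += 1
    return {
        "classes": dict(classes),
        "self_dns_sources": dict(self_sources),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s)
    for addr in s["self_dns_sources"]:
        print(f"{addr} is querying itself on UDP/53 via lo0; "
              f"RFC 1918 address: {is_rfc1918(addr)}")
```

Run it against the real syslog.exe output instead of SAMPLE_LOG; a non-empty self_dns_sources entry is the address whose DNS server setting in the GNAT Box points back at the box itself, and the count should drop to zero once that entry is changed to a real DNS server.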
