Hi Patrick, At 22:16 15/01/02 +0100, Patrick Benson wrote: >Julian Church wrote: > > I was getting several of these > > packets per minute so I think it's fair to conclude that the problem has > > been solved. So it seems pretty certain that the fault was with the router > > somehow. My guess is that the router started sporadically NAT-ing packets > > again, giving them it's old/default NAT'd internal IP address > 192.168.254.254. > >Have you tried typing "192.168.254.254" in a web browser? Since it's >using the http port you just may have some sort of configuration manager >installed that comes along with the router, sort of like weblet on >Eigerstein and Dachstein. I have a Motorola Surfboard SB4100 which has >192.168.100.1 configured for the browser....
Yeah, it's got one of those pages, but I don't access it using the address 192.168.254.254. But I just now found that browsing to 192.168.254.254 makes the firewall produce packets very similar to the ones I was confused by yesterday in my logs... Jan 16 08:17:44 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:62984 L=44 S=0x00 I=91 F=0x0000 T=60 (#42) The router then just goes on producing them, and on and on and on - it's still doing it, so mystery solved! Many thanks for the pointers! Can anyone give me advice what to do with these things? I tried adding tcp_192.168.254.254_80 to SILENT_DENY but it doesn't seem to have done the trick for some reason. Also, I think it would be helpful to block requests from my LAN from reaching 192.168.254.254 port 80, so it's harder for anyone to accidentally set the router off doing this. Can anyone help? Julian -- [EMAIL PROTECTED] www.ljchurch.co.uk _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
