Hi everyone![...]
I'm seeing some "PROTO=ICMP" messages in my shorwall logs since four or
five days ago, and I wonder what they can be.
I have Bering 1.2
connected between my ADSL modem and my internal LAN. The internal
router's IP is 192.168.1.254, and the only computer I have connected to
the network at the moment is 192.168.1.250, runing Mandrake 9.1. The
Bering box i floppy-based and the floppy is write-protected.
I get lots of this "PROTO=ICMP" from external addresses, but what worries me, is that it looks like I'm getting these from my Bering box! Here are the messages I get, as copied from weblet (sorry they lost formatting).
Sep 15 21:40:53 darouter Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=00:20:af:5d:e1:9a:00:20:1a:11:3d:73:08:00 SRC=192.168.1.254 DST=192.168.1.250 LEN=28 TOS=00 PREC=0x00 TTL=64 ID=48465 PROTO=ICMP TYPE=0 CODE=0 ID=4107 SEQ=0
After this they keep coming every hour and 20 minutes.
Any ideas? I'm grateful for any directions, pointers, suggestions.
Well, they all are TYPE=0, which is Echo Reply, that is, a response to a ping. Is some app on your Mandrake host pinging the router for some reason? I assume you have your Shorewall setup configured to block ping replies, though I don't know why you would do that for the LAN.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
