I don't know the answers to your questions, but I can suggest some
tips for digging into the problem.
In the message below, the part about 'proto 6' means the message is
an IP protocol 6 message. If you look in /etc/protocols you will find
proto 6 is a TCP message. This isn't much help.
You can map an IP address like 129.187.24.161 to a human readable
name by using the nslookup command. When I enter
nslookup 129.187.24.161
it says this IP address maps to DNS name
diala161.ppp.lrz-muenchen.de
which I would guess is your ISP. The ",9967" part is the port number.
You can look in /etc/services for these numbers. Port 9967 is not a
a "well known" port. Now the other IP address in this message maps to
209.68.62.170 -> mma-z.com
and port 80 is for http/www requests. So putting it all together says your
link came up because something on your side accessed a web page on mma-z.com.
Hope this help,
Brian Beuning
Thomas Michalka wrote:
One line of my /var/log/messages about an accepted rule:
> Aug 7 15:59:20 terra diald[10978]: filter accepted rule 4 proto 6 len 40 seq
> e9443c81 ack 45e0f8c8 flags FIN ACK packet 129.187.24.161,9967 =>
> 209.68.62.170,80
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
