On Wed, Jul 4, 2012 at 4:07 AM, Anne Wilson <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Could someone please tell me what to look for, and where, to solve > this puzzle?
Where do this message come from? I have never seen any such messages for iptables drops. > - --------------------- iptables firewall Begin ------------------------ > > > Listed by source hosts: > Dropped 9 packets on interface eth0 > From 192.168.0.40 - 9 packets to tcp(38575) > > ---------------------- iptables firewall End ------------------------- > > The machine in question is my mail/file/print server, running a > secondary firewall inside the NAT router. Port 38575 appears to be > unassigned, and I've only seen such messages for the last couple of days. Which machine in question? The one displaying this message or 192.168.0.40? > I'm pretty sure that the server hasn't been _directly_ used, i.e. with > login to actual physical box, during that time, so the likelihood > seems to be some service other systems on the LAN are calling for > something. > > Any ideas about how to go about tracing this? I can't find it in any > of the logs on the server. I'm working on the logs on the laptops.
