From: <Bil...@kp...> - 2004-06-11 23:28:11
|
Any idea what this is ? This is my webserver at my.real.ip.3 (the firewall - in the DMZ) The 66.68.89.21 appears to be a Road Runner DSL customer. In looking at the main firewall, another shorewall box at my.real.ip.2 Their are NO entries (10 minutes either before or after) on that box. Jun 10 22:03:18 dns1 kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth0 SRC=my.real.ip.3 DST=66.68.89.21 LEN=569 TOS=0x00 PREC=0x00 TTL=64 ID=12896 DF PROTO=TCP SPT=80 DPT=4689 WINDOW=37960 RES=0x00 ACK PSH FIN URGP=0 This webserver runs shorewall 1.4.10 (SuSE 9.0 - 2.4.21 kernel). eth0 goes directly to "main firewall" that does not run anything on port 80 via a crossover. Internet * * (eth0) Main Firewall (eth1) ****** Webserver (eth0) (eth2) * * Internal |