[Shorewall-users] Webserver to Firewall - Port 80 ?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Any idea what this is ?    This is my webserver  at   my.real.ip.3  (the 
firewall - in the DMZ)    The 66.68.89.21  appears to be a Road Runner DSL 
customer.  In looking at the main firewall, another shorewall box at 
my.real.ip.2  Their are NO entries (10 minutes either before or after) on 
that box.

Jun 10 22:03:18 dns1 kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth0 
SRC=my.real.ip.3 DST=66.68.89.21 LEN=569 TOS=0x00 PREC=0x00 TTL=64 
ID=12896 DF PROTO=TCP SPT=80 DPT=4689 WINDOW=37960 RES=0x00 ACK PSH FIN 
URGP=0

This webserver runs shorewall 1.4.10  (SuSE 9.0 - 2.4.21 kernel).  eth0 
goes directly to "main firewall" that does not run anything on port 80 via 
a crossover.

Internet
   *
   *
 (eth0)
Main Firewall (eth1)  ****** Webserver  (eth0)
  (eth2)
   *
   *
Internal