On Wed, Aug 27, 2003 at 02:50:52PM -0400, Jeffrey Laramie wrote: > >>Aug 26 15:39:46 NS2 kernel: Filter_INPUT: IN=eth1 OUT= > >>MAC=00:c0:f0:69:26:49:52:54:00:de:46:c7:08:00 SRC=172.144.233.136 > >>DST=192.168.0.24 LEN=73 TOS=0x10 PREC=0x00 TTL=128 ID=1755 PROTO=UDP > >>SPT=137 DPT=53 LEN=53 > > > >It looks to me that 172.144.233.136 is a nameserver, and 192.168.0.24 asked > >it for name resolution, and we're looking at its answer. > > > This entry is generated by the built-in filter INPUT chain so I would > read this as a DNS request coming from 172.144.233.136 (SRC) and > destined for the host at 192.168.0.24 (which is the firewall's LAN > facing IP). The firewall host is also a DNS server for my LAN so this > would be a normal request coming from the LAN **except** for the client > IP address. Could it be that the client machine dials up to AOL, receives that IP address and later it needs to resolve a name and vecause of the DNS settings on the client machine it tries the query 192.168.0.24 with its source 172.144.233.136? Ramin
