Ramin Dousti wrote:
On Wed, Aug 27, 2003 at 02:50:52PM -0400, Jeffrey Laramie wrote:

Thanks for the suggestion. That was my first thought since one of the LAN clients is a notebook with dialup ability, but with a DSL connection through the LAN it's not used now. I did check it though to see if it still had an AOL IP assigned to it or an AOL server listed for DNS. It didn't, and the log timestamp indicates that these packets are occurring when a different client (with no dialup) is checking AOL mail.
This entry is generated by the built-in filter INPUT chain so I would read this as a DNS request coming from 172.144.233.136 (SRC) and destined for the host at 192.168.0.24 (which is the firewall's LAN facing IP). The firewall host is also a DNS server for my LAN so this would be a normal request coming from the LAN **except** for the client IP address.

Aug 26 15:39:46 NS2 kernel: Filter_INPUT: IN=eth1 OUT=
MAC=00:c0:f0:69:26:49:52:54:00:de:46:c7:08:00 SRC=172.144.233.136
DST=192.168.0.24 LEN=73 TOS=0x10 PREC=0x00 TTL=128 ID=1755 PROTO=UDP
SPT=137 DPT=53 LEN=53
It looks to me that 172.144.233.136 is a nameserver, and 192.168.0.24 asked it for name resolution, and we're looking at its answer.
Could it be that the client machine dials up to AOL, receives that IP address and later it needs to resolve a name and because of the DNS settings on the client machine it tries the query 192.168.0.24 with its source 172.144.233.136?
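
The following is an added example, not part of the thread: one way to settle which LAN machine is emitting these packets is to parse the netfilter LOG line and read the sender's hardware address out of the MAC= field, which holds the destination MAC, then the source MAC, then the EtherType. The LAN subnet (192.168.0.0/24) and the helper names are assumptions; the thread only gives the firewall's LAN address.

```python
import ipaddress
import re

# Assumption: the LAN behind eth1 is 192.168.0.0/24 (the thread only gives
# the firewall's LAN address, 192.168.0.24).
LAN_IFACE = "eth1"
LAN_NET = ipaddress.ip_network("192.168.0.0/24")

# Log entry quoted in the thread, joined onto one line as syslog writes it.
SAMPLE = (
    "Aug 26 15:39:46 NS2 kernel: Filter_INPUT: IN=eth1 OUT= "
    "MAC=00:c0:f0:69:26:49:52:54:00:de:46:c7:08:00 SRC=172.144.233.136 "
    "DST=192.168.0.24 LEN=73 TOS=0x10 PREC=0x00 TTL=128 ID=1755 PROTO=UDP "
    "SPT=137 DPT=53 LEN=53"
)

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Return the KEY=value fields of a netfilter LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first LEN is the IP length, second is UDP
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:  # Ethernet header: 6 bytes dst, 6 bytes src, 2 bytes type
        fields["MAC_DST"] = ":".join(mac[:6])
        fields["MAC_SRC"] = ":".join(mac[6:12])
    return fields


def foreign_source(fields):
    """True if the packet came in on the LAN interface with a non-LAN source."""
    if fields.get("IN") != LAN_IFACE or "SRC" not in fields:
        return False
    return ipaddress.ip_address(fields["SRC"]) not in LAN_NET


def report(lines):
    """Yield (src_ip, src_mac, dst_port) for each foreign-source packet."""
    for line in lines:
        f = parse(line)
        if foreign_source(f):
            yield f["SRC"], f.get("MAC_SRC", "?"), f.get("DPT", "?")


if __name__ == "__main__":
    for src, mac, dpt in report([SAMPLE]):
        print(f"{src} from NIC {mac} -> port {dpt}")
```

The source MAC it prints can be compared with the hardware addresses of the LAN clients to identify the sender, whatever IP address the packet claims.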