On December 11, 2003 11:11 pm, Ian Hunter wrote:
> OK, I have a router (lucy) with a webserver (192.168.254.242) in a DMZ (off
> eth1), and everything works fine -- when you hit my ip, you get the site,
> all is well. However, I get STORMS of this nonsense in my logs:
>
> Dec 11 22:58:52 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0
> SRC=192.168.254.242 DST=204.157.6.223 LEN=60 TOS=0x00 PREC=0x00 TTL=63
> ID=56169 DF PROTO=TCP SPT=80 DPT=56319 WINDOW=32476 RES=0x00 ACK SYN URGP=0

Perhaps this is some sort of spoofing you are seeing. -- at least at this
moment bart.routesys.com (204.157.6.223) does NOT appear to be alive ...
(you took that snap at 10:58 your time .. I'm looking at 12:30 my time..EST)

> (That's responding to these rules at the end of the FORWARD chain of filter
> table:)
>
> iptables -A FORWARD -i eth1 -o ppp0 -j LOG --log-prefix "Fwd DMZ->Internet
> DROP: "
> iptables -A FORWARD -i eth1 -o ppp0 -j DROP
>
>
> Now if web traffic is working, my "-m state --state ESTABLISHED,RELATED -j
> ACCEPT" must be working on forwards from eth1 -> ppp0, so why am I seeing
> these messages? Are these broken TCP connections that netfilter doesn't
> consider established?
>
> Where do I look now?
>
> Thanks,
>
> Ian
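An added example, not part of the thread: a small Python parser for these `Fwd DMZ->Internet DROP:` lines that records the TCP flags of each packet the web server sent when it fell through to the final DROP (so past the ESTABLISHED,RELATED rule) and tallies them by remote host, which makes a storm aimed at one host like 204.157.6.223 stand out. The first sample line is the one Ian posted; the others are constructed in the same format.

```python
import re
from collections import Counter

# Constructed sample: line 1 is from the mail, the rest are made up for illustration.
SAMPLE_LOG = """\
Dec 11 22:58:52 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0 SRC=192.168.254.242 DST=204.157.6.223 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=56169 DF PROTO=TCP SPT=80 DPT=56319 WINDOW=32476 RES=0x00 ACK SYN URGP=0
Dec 11 22:58:55 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0 SRC=192.168.254.242 DST=204.157.6.223 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=56170 DF PROTO=TCP SPT=80 DPT=56319 WINDOW=32476 RES=0x00 ACK SYN URGP=0
Dec 11 22:59:01 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0 SRC=192.168.254.242 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=301 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec 11 22:59:10 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0 SRC=192.168.254.242 DST=198.51.100.9 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=77 DF PROTO=TCP SPT=80 DPT=51000 WINDOW=32476 RES=0x00 ACK FIN URGP=0
"""

# Bare tokens the LOG target prints for TCP flags (everything else is KEY=VALUE or DF/MF).
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: (?P<prefix>.*?): (?P<fields>.*)$")

def parse_log_line(line):
    """Return the KEY=VALUE fields plus a 'flags' set, or None if not a LOG line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "prefix": m.group("prefix"), "flags": set()}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
    return rec

def classify(rec):
    """Name the handshake stage of a TCP packet the DMZ host sent out."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    flags = rec["flags"]
    if {"SYN", "ACK"} <= flags:
        return "syn-ack reply"   # answer to a SYN; conntrack had no ESTABLISHED entry for it
    if "RST" in flags:
        return "reset"
    if "FIN" in flags:
        return "fin"
    return "data/ack"

def summarize(log_text):
    """Count dropped DMZ-originated packets by (remote host, server port, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec.get("IN") != "eth1":
            continue
        counts[(rec["DST"], rec["SPT"], classify(rec))] += 1
    return counts

if __name__ == "__main__":
    for (dst, spt, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {kind:14s} to {dst} from server port {spt}")
```

Pipe `grep 'Fwd DMZ->Internet DROP' /var/log/messages` into `summarize` to see which remote hosts account for the bulk of the SYN/ACK replies.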