On Fri, 2003-12-12 at 09:05, Jeffrey Laramie wrote: > On Friday 12 December 2003 08:13, Chris Brenton wrote: > > On Thu, 2003-12-11 at 23:11, Ian Hunter wrote: > > > Dec 11 22:58:52 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0 > > > SRC=192.168.254.242 DST=204.157.6.223 LEN=60 TOS=0x00 PREC=0x00 TTL=63 > > > ID=56169 DF PROTO=TCP SPT=80 DPT=56319 WINDOW=32476 RES=0x00 ACK SYN > > > URGP=0 > > > > My "guess" is, you are receiving a SYN packet from 204.157.6.223. This > > creates a state table entry with with a 60 second timer. Your system is > > taking longer than 60 seconds to respond, so iptables is removing the > > state table entry. Your system then responds causing the log entry shown > > above. > > > > Hey Chris, > > Is it normal for the server to send the ACK SYN to a high dport? I wouldn't > have expected that. > > Jeff It will respond to whatever port the user chose we they initiated the connection. That should indeed be a high port - John -- John A. Sullivan III Chief Technology Officer Nexus Management +1 207-985-7880 john.sullivan@xxxxxxxxxxxxx --- If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
