strange IPtables log

Subject: strange IPtables log
Posted by:  €®ik
Date: Mon, 12 Jan 2004

I have a modem/router with internal address connected to my
Linux firewall interface eth0 (, MAC=00:60:B0:C3:CC:BF)
which is connected by eth1 ( to my internal net. No DHCP.
iptables does masquerading.
Access to the internet from with explorer, mIRC, FTP, mail
etc. goes well.

I get a series of DROP log lines in /var/log/kernel like this:

Jan 12 08:58:58 lima kernel: DROPi: IN=eth0 OUT=
MAC=00:60:b0:c3:cc:bf:00:90:d0:8c:31:90:08:00 SRC=
DST= LEN=93 TOS=0x00 PREC=0x00 TTL=106 ID=16911 PROTO=UDP
SPT=11518 DPT=9289 LEN=73

(I made a DROPi chain for debugging purposes)

To my knowledge, the Linux box itself does not generate internet
traffic, only the net does...

The DROPi message comes from the FILTER table/INPUT chain.
There are TCP and UDP messages like this.

I know that the 9289 port is used by a program running on machine

The first part of MAC= is clear: it's the MAC address, but what is
:00:90:d0:8c:31:90:08:00 ?

And what is this packet anyway? It comes in on eth0 and goes out the
same interface, but now reported with its MAC address...
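
Added example, not part of the original post: a small parser for the netfilter LOG line quoted above. It splits the MAC= field into the 14-byte Ethernet header it contains (destination MAC, source MAC, EtherType) and reads an empty OUT= as a packet addressed to the firewall itself. The SRC/DST addresses in the sample are constructed documentation addresses, since the post's own values are blank, and the function names are hypothetical.

```python
import re

# Constructed sample: the log line from the post joined onto one line, with
# documentation addresses filled in where the post's SRC=/DST= are blank.
SAMPLE = ("Jan 12 08:58:58 lima kernel: DROPi: IN=eth0 OUT= "
          "MAC=00:60:b0:c3:cc:bf:00:90:d0:8c:31:90:08:00 SRC=198.51.100.7 "
          "DST=192.0.2.10 LEN=93 TOS=0x00 PREC=0x00 TTL=106 ID=16911 "
          "PROTO=UDP SPT=11518 DPT=9289 LEN=73")

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def parse_log_line(line):
    """Return (log prefix, dict of KEY=value fields) for a netfilter LOG line."""
    m = re.search(r"kernel: (.*?)\s*(?=IN=)", line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line[m.end():]):
        fields.setdefault(key, value)  # keep first LEN (IP); second is UDP LEN
    return m.group(1), fields

def decode_mac(mac_field):
    """MAC= is the raw Ethernet header: dst MAC (6) + src MAC (6) + EtherType (2)."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets, got %d" % len(octets))
    ethertype = int("".join(octets[12:14]), 16)
    return {"dst_mac": ":".join(octets[0:6]),    # receiving NIC (here: eth0)
            "src_mac": ":".join(octets[6:12]),   # sender on the local segment
            "ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}

def describe(line):
    prefix, f = parse_log_line(line)
    info = decode_mac(f["MAC"])
    # An empty OUT= means there is no output interface: the packet was
    # addressed to the firewall itself (INPUT chain), not routed back out.
    if f["IN"] and not f["OUT"]:
        info["path"] = "local-input"
    else:
        info["path"] = "forwarded" if f["IN"] else "local-output"
    info["prefix"] = prefix
    info["flow"] = "%s %s:%s -> %s:%s" % (
        f["PROTO"], f["SRC"], f["SPT"], f["DST"], f["DPT"])
    return info

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print("%-10s %s" % (key, value))
```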