Subject: strange IPtables log
Date: Mon, 12 Jan 2004
I have a modem/router with internal address 10.0.0.138 connected to my
Linux firewall interface eth0 (10.0.0.150, MAC=00:60:B0:C3:CC:BF)
which is connected by eth1 (192.168.0.1) to my internal net. No DHCP.
The IPTables does masquerading.
Access to the internet from 192.168.0.0 with explorer, mIRC, FTP, mail
etc. goes well.
I get a series of DROP log lines in /var/log/kernel like this:
Jan 12 08:58:58 lima kernel: DROPi: IN=eth0 OUT=
DST=10.0.0.150 LEN=93 TOS=0x00 PREC=0x00 TTL=106 ID=16911 PROTO=UDP
SPT=11518 DPT=9289 LEN=73
(I made a DROPi chain for debugging purposes)
To my knowledge, the Linux box itself does not generate internet
traffic, only the 192.168.0.0 net does...
The DROPi message comes from the FILTER table/INPUT chain.
There are TCP and UDP messages like this.
I know that the 9289 port is used by a program running on machine
The first part of MAC= is clear: it's the MAC address, but what is
And what is this packet anyway? It comes in on eth0 and goes out the
same interface, but now reported with its MAC address...
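
An added example, not part of the original post: a small Python parser for a netfilter LOG line like the one quoted above. It splits the MAC= field into the 14-byte Ethernet header (destination MAC, source MAC, EtherType) and reads the direction from IN=/OUT=. The sample line's source MAC, EtherType and SRC address are constructed, and the function names and the UDPLEN key are assumptions.

```python
import re

# Constructed sample in the netfilter LOG layout. The source MAC, ethertype
# and SRC address are constructed; the other values are those in the post.
SAMPLE = (
    "Jan 12 08:58:58 lima kernel: DROPi: IN=eth0 OUT= "
    "MAC=00:60:b0:c3:cc:bf:02:00:00:00:00:01:08:00 "
    "SRC=192.0.2.10 DST=10.0.0.150 LEN=93 TOS=0x00 PREC=0x00 TTL=106 "
    "ID=16911 PROTO=UDP SPT=11518 DPT=9289 LEN=73"
)

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=value fields of one LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN occurs twice for UDP: IP total length, then UDP length.
        if key == "LEN" and "LEN" in fields:
            key = "UDPLEN"  # hypothetical name, not a kernel field
        fields[key] = value
    return fields


def split_mac(mac_field):
    """Split the 14-byte Ethernet header that LOG prints after MAC=."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets, got %d" % len(octets))
    return {
        "dst_mac": ":".join(octets[:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": "0x" + "".join(octets[12:]),
    }


def direction(fields):
    """Classify the packet from which of IN= and OUT= is filled in."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forwarded"
    if has_in:
        return "to local host"
    return "from local host" if has_out else "unknown"


if __name__ == "__main__":
    f = parse_log_line(SAMPLE)
    print(direction(f), split_mac(f["MAC"]), f["SRC"], f["DPT"])
```

An empty OUT= on a line logged from the INPUT chain means the packet was addressed to the firewall itself and has no outgoing interface.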