Old 01-15-2009, 03:47 PM
Hugo Vanwoerkom
 
Default iptables q

Hi,

I have Firehol for iptables front-end and WordPress on Apache.

Access to WP is restricted to me only, like this:

interface ppp0 internet
policy drop
protection strong
...
server http accept src 200.57.201.163

So far so good.

Now the question is: where do the messages in syslog come from, like these:

Jan 15 10:09:12 debian kernel: [42743.308176] 'IN-internet':'IN=ppp0 OUT= MAC= SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026 LEN=577


because that source does not exist:

hugo@debian:~$ host 202.97.238.233
202.97.238.233 does not exist, try again

Hugo


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-15-2009, 04:12 PM
Jeff D
 
Default iptables q

On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:

> Hi,
>
> I have Firehol for iptables front-end and WordPress on Apache.
>
> Access to WP is restricted to me only, like this:
>
> interface ppp0 internet
> policy drop
> protection strong
> ...
> server http accept src 200.57.201.163
>
> So far so good.
>
> Now the question is: where do the messages in syslog come from, like these:
>
> Jan 15 10:09:12 debian kernel: [42743.308176] 'IN-internet':'IN=ppp0 OUT= MAC= SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026 LEN=577
>
> because that source does not exist:
>
> hugo@debian:~$ host 202.97.238.233
> 202.97.238.233 does not exist, try again
>
> Hugo
>

Hi,

Just because you can't resolve an IP address does not mean that it does
not exist. There is no rule that says IP addresses *have* to have DNS
resolution. That IP is a valid address, so it is very possible that it
does exist. Whois info for it says that it's from China, I suspect you
will be seeing lots of these, it's fairly normal noise.

Jeff

--
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
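
Added example (not part of the original thread): a small Python parser for netfilter LOG lines like the one quoted above, tallying logged packets by source address and destination port so that this kind of background traffic can be reviewed in bulk. The first sample line is the entry from the thread re-joined onto one line; the other two are constructed, and the `_L4` suffix for the repeated `LEN` field is this example's own convention.

```python
import re

# Line 1 is the entry quoted in the thread (re-joined onto one line).
# Lines 2 and 3 are constructed for illustration.
SAMPLE_LOG = """\
Jan 15 10:09:12 debian kernel: [42743.308176] 'IN-internet':'IN=ppp0 OUT= MAC= SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026 LEN=577
Jan 15 10:09:40 debian kernel: [42771.102233] 'IN-internet':'IN=ppp0 OUT= MAC= SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56369 DPT=1027 LEN=577
Jan 15 10:11:03 debian kernel: [42854.551907] 'IN-internet':'IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=200.57.201.163 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# The packet fields start at "IN=<iface> OUT=", after the log prefix.
FIELD_START = re.compile(r"IN=\S* OUT=")


def parse_log_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG line, or None."""
    match = FIELD_START.search(line)
    if match is None:
        return None  # not a netfilter LOG entry
    fields = {"FLAGS": []}
    for token in line[match.start():].split():
        key, sep, value = token.partition("=")
        if not sep:
            fields["FLAGS"].append(key)    # bare flags such as DF or SYN
        elif key in fields:
            fields[key + "_L4"] = value    # second LEN= is the UDP length
        else:
            fields[key] = value
    return fields


def summarize(log_text):
    """Group logged packets by source: hit count and (proto, dport) targets."""
    by_src = {}
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if not fields or "SRC" not in fields:
            continue
        entry = by_src.setdefault(fields["SRC"], {"count": 0, "targets": set()})
        entry["count"] += 1
        dport = int(fields["DPT"]) if "DPT" in fields else None  # ICMP has none
        entry["targets"].add((fields.get("PROTO"), dport))
    return by_src


if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, info["count"], sorted(info["targets"]))
```
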


 
Old 01-15-2009, 04:20 PM
Hugo Vanwoerkom
 
Default iptables q

Jeff D wrote:

> On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:
>
> > Hi,
> >
> > I have Firehol for iptables front-end and WordPress on Apache.
> >
> > Access to WP is restricted to me only, like this:
> >
> > interface ppp0 internet
> > policy drop
> > protection strong
> > ...
> > server http accept src 200.57.201.163
> >
> > So far so good.
> >
> > Now the question is: where do the messages in syslog come from, like these:
> >
> > Jan 15 10:09:12 debian kernel: [42743.308176] 'IN-internet':'IN=ppp0 OUT= MAC= SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026 LEN=577
> >
> > because that source does not exist:
> >
> > hugo@debian:~$ host 202.97.238.233
> > 202.97.238.233 does not exist, try again
> >
> > Hugo
>
> Hi,
>
> Just because you can't resolve an IP address does not mean that it does
> not exist. There is no rule that says IP addresses *have* to have DNS
> resolution. That IP is a valid address, so it is very possible that it
> does exist. Whois info for it says that it's from China, I suspect you
> will be seeing lots of these, it's fairly normal noise.


Thanks Jeff! Whois is the answer.
I am honored to drop the Hei Long Jiang province education committee ;-)

Hugo

