port forwarding weirdness

[George Toft]

Use ethereal and monitor your traffic on your firewall.  See what the
request is (name lookup or zone transfer).  Proceed from there.

George


Sean Roe wrote:
> 
> Hi all,
> 
> I have been experimenting with freesco http://www.freesco.org (FREE ciSCO)
> router distro as a replacement for Linux Router Project. I have a DNS Server
> setup behind the firewall servicing port 53 requests.
> 
> I have Freesco and running and all is well except for DNS.  I have a DNS
> server behind it and I have ports 53 udp and tcp passed through to it.  I
> keep getting these errors:
> 
> Jul 21 18:47:21 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:11415
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:47:36 - last message repeated 4 times
> Jul 21 18:47:36 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:12057
> 206.165.207.198:53 L=69 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:47:44 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:11415
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:47:56 - last message repeated 4 times
> Jul 21 18:47:58 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:12057
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:48:00 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:11415
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 18:48:25 - last message repeated 4 times
> Jul 21 18:48:27 - kernel: IP fw-in rej eth0 UDP 64.14.66.100:12057
> 206.165.207.198:53 L=58 S=0x00 I=0 F=0x0040 T=51
> Jul 21 19:04:20 - kernel: IP fw-in rej eth0 UDP 151.203.0.85:44947
> 206.165.207.198:53 L=64 S=0x00 I=61649 F=0x0040 T=245
> 
> My question is what causes these?  Is it a hack attempt?
> 
> Sean
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss