I just noticed some log messages from iptables on my workstation that I find 
curious (my iptables logs all dropped packets):

Sep 25 18:46:55 helen kernel: IN=eth0 OUT= 
MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:00 SRC=192.168.21.11 
DST=192.168.20.31 LEN=308 TOS=0x10 PREC=0x00 TTL=63 ID=40237 DF PROTO=TCP 
SPT=22 DPT=57702 WINDOW=2160 RES=0x00 ACK PSH URGP=0

Sep 25 18:47:55 helen kernel: IN=eth0 OUT= 
MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:00 SRC=192.168.21.11 
DST=192.168.20.31 LEN=340 TOS=0x10 PREC=0x00 TTL=63 ID=47853 DF PROTO=TCP 
SPT=22 DPT=45764 WINDOW=2160 RES=0x00 ACK PSH URGP=0

The messages began at 18:33, repeated numbers of times through 18:47, and 
seem to have stopped.

Both of these addresses are behind an IPCop firewall.
192.168.20.31 is my workstation, on the green network.
192.168.21.11 is my web/mail server on the orange (dmz) network.

It appears like the server is attempting an ssh communication of some sort 
to my workstation. My workstation does have open terminal windows (4) with 
active ssh sessions to the server. I haven't had any problem with ssh 
sessions staying alive.

Is this normal communication for ssh that I should have open in my 
workstation's firewall?
-- 
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss