I just noticed some log messages from iptables on my workstation that I find curious (my iptables logs all dropped packets): Sep 25 18:46:55 helen kernel: IN=eth0 OUT= MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:00 SRC=192.168.21.11 DST=192.168.20.31 LEN=308 TOS=0x10 PREC=0x00 TTL=63 ID=40237 DF PROTO=TCP SPT=22 DPT=57702 WINDOW=2160 RES=0x00 ACK PSH URGP=0 Sep 25 18:47:55 helen kernel: IN=eth0 OUT= MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:00 SRC=192.168.21.11 DST=192.168.20.31 LEN=340 TOS=0x10 PREC=0x00 TTL=63 ID=47853 DF PROTO=TCP SPT=22 DPT=45764 WINDOW=2160 RES=0x00 ACK PSH URGP=0 The messages began at 18:33, repeated numbers of times through 18:47, and seem to have stopped. Both of these addresses are behind an IPCop firewall. 192.168.20.31 is my workstation, on the green network. 192.168.21.11 is my web/mail server on the orange (dmz) network. It appears like the server is attempting an ssh communication of some sort to my workstation. My workstation does have open terminal windows (4) with active ssh sessions to the server. I haven't had any problem with ssh sessions staying alive. Is this normal communication for ssh that I should have open in my workstation's firewall? -- -Eric 'shubes' --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss