I remember one of my customer having the same problem. I finally trace
it to a piece of program of the HP pavilion, but can''t remember the
name
now. This program is a helper for the multimedia keyboard. (I know seems
unrelated at first). But from what I could tell, part of that program is
to check if there is the Internet connection is up. (Maybe visually they
set a lead on. Not sure as I did all the debugging remotely). Anyway
don''t really understand what HP was trying to do with it as the TTL is
set to 1, but can sure flood the firewall if you have dozens of those
machine being it. Removing that program from Windows did the trick.
Hope that helps
Pascal
On Sun, 2002-12-01 at 07:28, Geordon VanTassle wrote:> Hello ,
>
> I''m new to Shorewall and iptables. I have a small, mixed
network
> (linux and WIndows).
>
> My firewall log is choking under the weight of the entries like
> below. Can someone suggest how I can stop the logging of these
> packets? The source computer (192.168.1.20) is a HP Pavilion PC
> running Windows ME, OEM. I can''t figure out WTF the box is
spewing
> out these packets, and the destination address (207.26.131.137)
> doesn''t seem to exist... I''m guessing that it belonged
to something
> that the PC had installed OEM, but the address is defunct.
>
>
> HELP! Please!
>
> Dec 1 08:01:29 all2all:REJECT:IN= OUT=eth0 SRC=192.168.1.3
> DST=192.168.1.20 LEN=56 TOS=0x00 PREC=0xC0 TTL=64 ID=62289 PROTO=ICMP
> TYPE=11 CODE=0 [SRC=192.168.1.20 DST=207.26.131.137 LEN=28 TOS=0x00
> PREC=0x00 TTL=1 ID=34855 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=57521 ]
>
--
Pascal DeMilly <list.shorewall@newgenesys.com>