
| Subject: | Re: Possible attack or what ? |
|---|---|
| Date: | Wed, 8 Dec 2004 20:24:22 -0500 (EST) |

On Tue, 7 Dec 2004, STANESCU Ionut wrote:

"
list 101 denied tcp 10.1.141.53(4814) -> <my external ip>(1111)
list 101 denied tcp 10.1.178.197(3926) -> <my external ip>(1111)
list 101 denied udp 10.1.201.48(3306) -> <my external ip>(1111)
"

Two things happening here, one is confusion. The machines (10.1.141.53, 10.1.178.197, 10.1.201.48) are all trying to connect to the firewall's external address, not any outside source, unless you didn't post the outside sources. Your eMule clients are trying to get out to the net. Did you list the external_ip as your gateway? If so, that answers your question. If not, then run a sniffer on your network to determine what traffic is being passed to and from those addresses to and from the firewall to the addresses; that would show you what exactly is happening INTERNALLY.

If you suspect something fishy on the machines themselves, then I suggest using Process Explorer and TCPView on the Windows machines to get an idea of what is doing what.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How can we account for our present situation unless we believe that men high in this government are concerting to deliver us to disaster?" Joseph McCarthy "America's Retreat from Victory"
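
The triage described in the reply (are the denied sources inside or outside, and what are they all aiming at?) can be done over a larger log with a short script. This is an added example, not part of the original post; the address 192.0.2.1 stands in for the redacted "<my external ip>" and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the three entries quoted in the post, with the redacted
# "<my external ip>" replaced by a documentation address (assumption).
SAMPLE_LOG = """\
list 101 denied tcp 10.1.141.53(4814) -> 192.0.2.1(1111)
list 101 denied tcp 10.1.178.197(3926) -> 192.0.2.1(1111)
list 101 denied udp 10.1.201.48(3306) -> 192.0.2.1(1111)
"""

# RFC 1918 ranges: a source in one of these is an internal host, not the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

DENY_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def parse_denies(text):
    """Return one dict per ACL deny entry; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        e = m.groupdict()
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        src = ipaddress.ip_address(e["src"])
        e["src_internal"] = any(src in net for net in RFC1918)
        entries.append(e)
    return entries

def summarize(entries):
    """Group denies by (destination, port) and split the sources by origin."""
    groups = defaultdict(lambda: {"internal": set(), "external": set(), "protos": set()})
    for e in entries:
        g = groups[(e["dst"], e["dport"])]
        g["internal" if e["src_internal"] else "external"].add(e["src"])
        g["protos"].add(e["proto"])
    return dict(groups)

if __name__ == "__main__":
    for (dst, dport), g in summarize(parse_denies(SAMPLE_LOG)).items():
        origin = "internal only" if not g["external"] else "includes external sources"
        print(f"{dst}:{dport} {sorted(g['protos'])} <- {sorted(g['internal'] | g['external'])} ({origin})")
```

A group that reports internal sources only points at hosts to inspect with the sniffer and the process tools named in the reply.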