On 6/7/05, Nemanja Dubravac <pcmaniac at gmail dot com> wrote:
> Behind m0n0, on the LAN side is a web, pop3 and smtp server, with vnc
> control, so the ports 80, 110, 25 and 5900 are forwarded to that server
> when i try to open the http://126.96.36.199 with the browser, sometimes
> it opens the website, and most of the time it doesn't (must refresh all
> the time)
From the LAN side or WAN side?
> *Firewall log*:
the majority of this is legit dropped traffic. Doesn't match an allow
rule on the WAN side so it gets dropped.
> (I don't understand why there's difference between rl0 and WAN interface
> in the logs, when they should be the same)
No, ng0 is your real WAN interface, since you're using PPPoE. rl0
shouldn't see any traffic from the internet. Looks to me like you
have Windows boxes plugged in outside your firewall, between the WAN
and the DSL modem? Or else your provider does something weird that
lets NetBIOS broadcasts come to you, and not through PPPoE.
> 20:13:14.872056 rl0 @0:14 b 169.254.248.33,137 -> 169.254.255.255,137 PR
> udp len 20 78 IN
All this 169.254.x.x and 10.x.x.x garbage is Windows NetBIOS
broadcasts. That's all that is coming in rl0.
The only legit traffic I see getting dropped is by rule @200:1. What
rule is that? See
My first guess, since it's a relatively small number of drops, is
And the refresh issue being unrelated.