|
||||||||
On 7/25/05, Ugo Bellavance <ugob at camo dash route dot com> wrote: > Don Munyak wrote: > > Ugo, much appreciated. I can understand the 445. > > > > What's confused me is the Remote IP is almost always 4.152.222.239 > > {port 445 or 135} > > > > The local IP's/ports, as reported by syslog, are any IP in the > > 4.152.0.0/16 range. A few in the in others like 61.225.17.215 > > ..etc > > > > The point was my network is 192.168.222.0/24. How is it that syslog is > > reporting the BLOCKED traffic from my network. Is this a case of a > > spoofed packet? > I think I solved my concern, but not neccessarily the issue. It appears the strange traffic being block by m0n0wall was originating from a pptp dial-up client. Basically, I have m0n0wall setup to redirect inbound pptp traffic to a LAN connected w2k RRAS server. The remote client workstation was using an erols (level3) dialup account to gain internet access, then using the built-in windows pptp component to make a pptp/vpn connection to our office network file services. The hair-pulling experience was seeing all the non-LAN ip traffic from the dialup connection feeding back into our network, via the pptp connection. If anyone has any recommendations or suggestions, I am more than willing to hear. Thanks - Don |