On 04.04.2015 02:32, James B. Byrne wrote:
I am seeing log file entries like this:
IN=eth0 OUT=eth1 SRC=109.74.193.253 DST=x.y.z.34 LEN=122 TOS=0x00 PREC=0x00 TTL=48 ID=49692 PROTO=ICMP TYPE=3 CODE=3 [SRC=x.y.z.34 DST=109.74.193.253 LEN=94 TOS=0x00 PREC=0x00 TTL=53 ID=41330 PROTO=UDP SPT=34679 DPT=53 LEN=74 ]
This is found on our gateway host. eth0 is the WAN i/f, eth1 is the LAN i/f. Our netblock is x.y.z.0/24. Can somebody tell me what this record is?
IN=eth0 OUT=eth1 SRC=109.74.193.253 DST=x.y.z.34 LEN=122 TOS=0x00 PREC=0x00 TTL=48 ID=49692 PROTO=ICMP TYPE=3 CODE=3
This is a "Port unreachable" message from host 109.74.193.253.
[SRC=x.y.z.34 DST=109.74.193.253 LEN=94 TOS=0x00 PREC=0x00 TTL=53 ID=41330 PROTO=UDP SPT=34679 DPT=53 LEN=74 ]
This is probably the cause of the above error: SRC=x.y.z.34 tried to do a DNS lookup on DST=109.74.193.253 which failed (hence the icmp response).
Regards, Dennis