Hi, all.
I was perusing my firewall logs today, and noticed several entries that left me scratching my head. Perhaps I'm just dense, but if someone could take a look at these and give me an "education" I'd appreciate it:
First:
Packet log: forward REJECT eth1 PROTO=1 X.Y.Z.A:8 X.Y.Z.B:0 L=60 S=0x0 I=34720 F=0x0000 T=31 (#2)
X.Y.Z.A and B are private addresses on the same subnet. What puzzles me is that it, at least as I interpet it, appears that this is a request from one peer to another that is going through the *gateway* on that subnet?!
Second:
Packet log: forward REJECT eth1 PROTO=6 X.Y.Z.A:1325 X.Y.Z.B:445 L=48 S=0x00 I=34721 F=0x4000 T=127 SYN (#2)
Now, I suspect this is just an attempt from a Windows box to connect to another Windows box over 445, but again, why is this going through the gateway!? That is, the gateway box (which also has the firewall) is X.Y.Z.1...
Perhaps I'm just overlooking something stupid and obvious, and if that's the case please accept my apologies in advance. I just don't see it.
I appreciate your help.
-David