[q1001001]

Hi,

I have a FC 3 box as my nat/firewall/router. It is running firestarter.
My nework looks similar to this:

,-------------------------,
,--|192.168.1.1 (Computer A) |
L | |-------------------------|
A |--|192.168.1.2 (Computer B) | eth1
N | '--------------------------'
| ,-------------------------,
'--|192.168.1.100 | inside
======| (ROUTER) |================
,--|11.22.33.44 | outside
| '-------------------------'
I |
S | eth0 / DSL
P \|/
v

Everything seems to work just fine. Then after it runs for awhile, (maybe an hour or so) something happens that effects the way it forwards
packets. The exact problem is that Computer A (or B for that matter)
is no longer able to access the box unless the 192.168.1.100 address is used.

For instance, a web access to 11.22.33.44 yields a message like this in /var/log/messasges:


May 30 15:21:11 lab kernel: Unknown InputIN=eth1 OUT= MAC=00:c0:f0:58:21:c1:00:40:ca:6d:b6:07:08:00 SRC=192.168.4.20 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=9748 DF PROTO=TCP SPT=1193 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

...obviously the xx.xx.xx.xx has been replaced to no show the real address.

Any idea why this would happen? I find it particularly strange since it works just fine for awhile.

A restart of firestarter fixes the problem temporarily...til it happens again.

- Mike