Unusually active firewall?
I was recently having issues with some programs and decided to put my Linux box in a DMZ, and as a result, bypassed all the normal firewalling functions of my router/NAT. I installed iptables and a graphical frontend for it, 'firestarter'. My outgoing rules are permissive with only blacklist traffic, and my incoming rules drop all except for the ports specified (22, 25, 80, 110 for the moment). The primary reason I installed the graphical frontend was for its system tray notification feature. As a result I have noticed UDP connections (generally on or around ports 1024-1026, but all over) from a multitude of IPs several times a minute. I host a site on the machine, but it's just a personal blog and rarely sees more than 25 unique IPs a day. I can provide the actual logs should someone want to see them, but I was wondering: is this much traffic normal? My guess is that some forwarding feature on my router is sending information to different ports than they originate at, but something like that seems to be ineffective.
Any experiences that might help?
(The router is a D-Link, should that make a difference.)