not really a linux question, but I have high hopes some here can shed some light on this network problem.
I have two linksys switch/firewalls on my home network.
The first has the WAN port connected to my cable modem, and a single box connected to one of the ports. It is configured to forward ports 22 and 80 from the cable modem to this box. The firewall is further configured to perform statefull packet filtering, and on the logs generated by it, you can see exactly where some packets get dropped for violations of this sort. The box connected to this switch is used exclusively as a webserver, and is using SuSE 8.2's firewall configuration tool.
The second switch's WAN port is connected into one of the remaining ports on the first. And the other four boxes on my internal LAN are connected either directly to this switch or through other switches on the LAN.
Here's my question.
Any ideas on how I can occasionally observe on the logs of switch/firewall #2
people trying portscan, or in other ways systematically attack what they think is a single machine (but is actually switch/firewall #2
All the machines are running SuSE 8.2. The logs on the http server show MANY attempts at exploits, but nothing ever seems out of whack, or 'fishy'. Similarly, all the machines in the internal LAN seem pristine as well (not pecular network activity, odd process, 'funky' log entries, etc.).