A week or so ago after updating to Mandriva 2009.1 I'd forgotten to allow port 123 in shorewall and was getting massive amounts of firewall hits in my syslog. I corrected that and have had no problems until today when all of a sudden I'm seeing this again:
May 13 18:00:05 localhost klogd: Shorewall:net2fw
ROP:IN=eth0 OUT= MAC=00:0f:ea:33:8f:ef:00:13:49:6e:55:07:08:00 SRC=207.171.30.106 DST=192.168.2.2 LEN=76 TOS=0x00 PREC=0x00 TTL=50 ID=2711 DF PROTO=UDP SPT=123 DPT=59380 LEN=56
May 13 18:00:28 localhost klogd: Shorewall:net2fw
ROP:IN=eth0 OUT= MAC=00:0f:ea:33:8f:ef:00:13:49:6e:55:07:08:00 SRC=66.96.99.10 DST=192.168.2.2 LEN=76 TOS=0x00 PREC=0x00 TTL=50 ID=32831 PROTO=UDP SPT=123 DPT=59380 LEN=56
May 13 18:00:41 localhost klogd: Shorewall:net2fw
ROP:IN=eth0 OUT= MAC=00:0f:ea:33:8f:ef:00:13:49:6e:55:07:08:00 SRC=208.38.65.37
This goes through all the ntp servers I'm trying to connect for time sync. I checked my firewall setup and port 123/udp is allowed. Running netstat -lnptu, shows among other ports:
udp 0 0 127.0.0.1:123 0.0.0.0:* 3581/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3581/ntpd
udp 0 0 0.0.0.0:50172 0.0.0.0:*
I've seen no issues since the 8th until this morning at 6am when this all started again. Has something gotten mis-configured somehow all by itself?
Thanks
Chris