From owner-freebsd-questions Wed Oct 22 09:17:27 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA08309 for questions-outgoing; Wed, 22 Oct 1997 09:17:27 -0700 (PDT) (envelope-from owner-freebsd-questions) Received: from goose (goose.capitalland.com [208.128.13.109]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA08298 for ; Wed, 22 Oct 1997 09:17:23 -0700 (PDT) (envelope-from Alex_Weeks@capitalland.com) Received: from cutthroat ([206.30.140.66]) by goose (8.8.5/8.8.5) with SMTP id LAA20580 for ; Wed, 22 Oct 1997 11:23:47 -0500 (CDT) Received: by cutthroat with Microsoft Mail id <01BCDEDB.92E73000@cutthroat>; Wed, 22 Oct 1997 11:13:50 -0500 Message-ID: <01BCDEDB.92E73000@cutthroat> From: Alex Weeks To: "'freebsd-questions@freebsd.org'" Subject: Strange (automated) HTTP access from FreeBSD Date: Wed, 22 Oct 1997 11:13:43 -0500 Encoding: 34 TEXT Sender: owner-freebsd-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I am using a FreeBSD machine for DNS, and routing (between internal networks). This machine sits between our LAN and our router to the Internet. That's two routers, one (FreeBSD) for internal traffic between subnets and one out to the Internet. On our LAN we have an NT Web server running O'Reaily Website Pro. One of the pages that this NT server serves displays banner advertising. It's important for the department that runs this Web server to know exactly how many hits each banner gets because they charge for the service. This Web server does not reside on the same physical (or logical) network as the Internet router, so external traffic destined for this Web server must travel from the Internet, through our Internet router, then through the FreeBSD machine (to hop networks) then to the Web server. The problem: The http logs for the Web page and the logs for the banner advertising software show hits (lot of them) from our FreeBSD router/DNS machine. Obviously the traffic headed to this NT server travels through the FreeBSD box, but why does the traffic appear to originate from the FreeBSD box? (If that's what is happening. Read further). Secondly, the guy in charge of that Web server says that he has a pretty good feel for his high traffic times and he feels that the FreeBSD box is doing this on it's own. In other words, this is not traffic that is being forwarded from outside our LAN and not traffic forwarded from one network to the other. I sort of agree with him, we are getting a lot of traffic from the FreeBSD machine in the early morning hours, but almost no traffic traveling through the router. And no one is here in the offices at that time. Thanks in advance for any help. Alex Weeks