Сервер FreeBSD, стоит NAT, SQUID, все прозрачно ... трабла в том, что провайдер говорит, что с нашего внешнего ip идет сканирование по 2048 порту. Как узнать с какой машины идут эти пакеты ? Или как это пресечь.

Мой rc.firewall

fxp0 - внешний интерф.
ed1 - внутренний

${fwcmd} add divert natd all from 192.168.100.0/24 to any out via fxp0
${fwcmd} add divert natd all from any to внешний_ip in via fxp0

${fwcmd} add 30  fwd 192.168.100.2,3128 tcp from 192.168.100.2/24 to any 80
        ${fwcmd} add pass tcp from any to any established
        ${fwcmd} add pass ip from 192.168.100.0/24 to any via lo0
        ${fwcmd} add deny icmp from any to any frag
        ${fwcmd} add pass ICMP from any to any

${fwcmd} add pass tcp from 192.168.100.0/24 to 192.168.100.2 80,143,20,21,110,3128 setup in via ed1
${fwcmd} add pass udp from 192.168.100.0/24 to 192.168.100.2 80,143,20,21,110,3128 in via ed1
${fwcmd} add pass tcp from 192.168.100.0/24 to 192.168.100.2 22,135,137,139 setup in via ed1
${fwcmd} add pass udp from 192.168.100.0/24 to 192.168.100.2
135,137,139 in via ed1

${fwcmd} add deny log ip from 192.168.100.0/24 to 192.168.100.2 in via ed1

        # Enable FTP

        ${fwcmd} add pass tcp from any to me 21 setup
        ${fwcmd} add pass tcp from any 20 to me setup
        ${fwcmd} add pass tcp from any to me 32768-65535 setup

        # icmp
        ${fwcmd} add deny icmp from any to any frag
        ${fwcmd} add pass icmp from any to me icmptype 0,3,4,8,11,12
        ${fwcmd} add pass icmp from me to any icmptype 0,3,4,8,11,12

        # Stop RFC1918 nets
     ${fwcmd} add deny all from 10.0.0.0/8 to any via fxp0
     ${fwcmd} add deny all from 172.16.0.0/12 to any via fxp0
     ${fwcmd} add deny all from 192.168.0.0/16 to any via fxp0

        ${fwcmd} add pass tcp from any to me 53 setup
        ${fwcmd} add pass udp from any to me 53
        ${fwcmd} add pass tcp from any 53 to me setup