A particular machine running Debian Sid and kernel 2.6.9 behind a router
(the usual kind of home routers) is showing this in the syslog:
#---------------------------------------------------------------------
18:54:53 red kernel: IN=eth0 OUT= MAC=<mac address was here>
SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112
ID=60563 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=65535 RES=0x00 ACK PSH
URGP=0
18:55:12 red kernel: IN=eth0 OUT= MAC=<mac address was here>
SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112
ID=61473 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=65535 RES=0x00 ACK PSH
URGP=0
18:55:16 red kernel: IN=eth0 OUT= MAC=<mac address was here>
SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112
ID=61669 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=64107 RES=0x00 ACK PSH
URGP=0
18:55:23 red kernel: IN=eth0 OUT= MAC=<mac address was here>
SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112
ID=61899 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=64107 RES=0x00 ACK PSH
URGP=0
18:56:00 red kernel: IN=eth0 OUT= MAC=<mac address was here>
SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112
ID=63850 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=65464 RES=0x00 ACK PSH
URGP=0
18:56:50 red kernel: IN=eth0 OUT= MAC=<mac address was here>
SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112
ID=215 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=65347 RES=0x00 ACK PSH URGP=0
#---------------------------------------------------------------------
Here is what that source IP seems to be:
$> host 200.153.143.194
194.143.153.200.in-addr.arpa domain name pointer
200-153-143-194.dsl.telesp.net.br.
This LAN computer is running an iptables script that I obtained from the
internet and modified. It was a pretty basic script and I modified it to
allow webserver access and to log a few things. The "iptables -nvL" command
shows that the packets are being logged because they are INVALID.
What I am interested in knowing is this: if my iptables script catches
these packets which are INVALID, how come they pass through the router
firewall? In the router, I am port forwarding a select number of ports,
I am denying pings from WAN (outside internet) and everything else is
closed.
And even if these packets pass through, are they dangerous in any way?
BTW, that MAC= field just shows my eth0 MAC address, right?
Thanks,
->HS
--
Please remove the underscores ( the '_' symbols) from my email address
to obtain the correct one. Apologies, but the fudging is to remove spam.
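The lines in the post are in the netfilter LOG target's format. As an added example (not the poster's code), the parser below groups such lines by flow and labels why conntrack's INVALID match fires: every logged segment carries ACK PSH and none carries SYN, so the kernel never saw a handshake for that flow and has no connection to attach the data to. Three lines are copied from the post; the final SYN line (source 198.51.100.7) is constructed for contrast.

```python
import re
from collections import defaultdict

TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG"}
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Three lines copied from the post above, plus one constructed SYN line for contrast.
SAMPLE_LOG = """\
18:54:53 red kernel: IN=eth0 OUT= MAC=<mac address was here> SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112 ID=60563 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=65535 RES=0x00 ACK PSH URGP=0
18:55:12 red kernel: IN=eth0 OUT= MAC=<mac address was here> SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112 ID=61473 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=65535 RES=0x00 ACK PSH URGP=0
18:56:50 red kernel: IN=eth0 OUT= MAC=<mac address was here> SRC=200.153.143.194 DST=192.168.0.120 LEN=741 TOS=0x00 PREC=0x00 TTL=112 ID=215 DF PROTO=TCP SPT=49152 DPT=36911 WINDOW=65347 RES=0x00 ACK PSH URGP=0
18:57:01 red kernel: IN=eth0 OUT= MAC=<mac address was here> SRC=198.51.100.7 DST=192.168.0.120 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

def parse_line(line):
    """Parse one LOG line into KEY=VALUE fields plus TIME and a FLAGS set."""
    stamp, _, rest = line.partition(" kernel: ")
    rec = dict(FIELD_RE.findall(rest))          # OUT= yields an empty value, as logged
    rec["TIME"] = stamp.split()[0]
    rec["FLAGS"] = {tok for tok in rest.split() if tok in TCP_FLAGS}  # bare flag tokens only
    return rec

def classify(rec):
    """Label why conntrack's INVALID match would fire for a logged TCP segment."""
    flags = rec["FLAGS"]
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    if "RST" in flags:
        return "rst"
    if "SYN" in flags and "ACK" not in flags:
        return "syn-new"                          # a handshake start: NEW, not INVALID
    # ACK-bearing data for a flow whose handshake was never seen by this host
    return "out-of-state-ack"

def summarize(log_text):
    """Group by (SRC, SPT, DST, DPT); repeats of one flow at intervals look like retransmissions."""
    flows = defaultdict(lambda: {"count": 0, "kinds": set(), "first": None, "last": None})
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        f = flows[(rec["SRC"], rec["SPT"], rec["DST"], rec["DPT"])]
        f["count"] += 1
        f["kinds"].add(classify(rec))
        f["first"] = f["first"] or rec["TIME"]
        f["last"] = rec["TIME"]
    return dict(flows)

if __name__ == "__main__":
    for key, f in summarize(SAMPLE_LOG).items():
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}  n={f['count']}  {sorted(f['kinds'])}  {f['first']}..{f['last']}")
```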