Can anyone explain to me what is causing this to appear every minute in my
messages log?
Jan 22 16:43:52 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
140.221.9.6:123 64.192.125.125:123 L=76 S=0x00 I=16890 F=0x0000 T=51 (#1)
Jan 22 16:44:58 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
140.221.9.6:123 64.192.125.125:123 L=76 S=0x00 I=20302 F=0x0000 T=51 (#1)
Jan 22 16:46:02 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
140.221.9.6:123 64.192.125.125:123 L=76 S=0x00 I=24929 F=0x0000 T=51 (#1)
Jan 22 16:47:06 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
140.221.9.6:123 64.192.125.125:123 L=76 S=0x00 I=29514 F=0x0000 T=51 (#1)
Jan 22 16:48:12 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
140.221.9.6:123 64.192.125.125:123 L=76 S=0x00 I=33517 F=0x0000 T=51 (#1)
It would appear that the E-Smith box is not allowing connections to go out
to the NTP server that I chose to use (140.221.9.6) ... I know this is a
good server as it works fine on the NTP clients on my Windoze boxen behind
the E-Smith machine.
I've also been seeing a lot of this lately:
Jan 21 15:46:56 e-smith kernel: Packet log: denylog DENY eth0 PROTO=17
169.254.65.218:137 192.168.1.1:53 L=77
S=0x00 I=1964 F=0x0000 T=64 (#1)
Jan 21 15:46:58 e-smith kernel: Packet log: denylog DENY eth0 PROTO=17
169.254.65.218:137 192.168.1.1:53 L=77
S=0x00 I=1965 F=0x0000 T=64 (#1)
Jan 21 15:46:59 e-smith kernel: Packet log: denylog DENY eth0 PROTO=17
169.254.65.218:137 192.168.1.1:53 L=77
S=0x00 I=1966 F=0x0000 T=64 (#1)
Jan 21 15:48:26 e-smith kernel: Packet log: denylog DENY eth0 PROTO=17
169.254.65.218:137 192.168.1.1:53 L=77
This appears to be a Micro$oft fake address being denied access to the dns
server on the e-smith machine (192.168.1.1) - but, all of the Windoze
machines behind the E-Smith machine can still resolve dns even with
192.168.1.1 as their only dns server...
We've got 5 Windoze boxen behind the E-Smith machine. At first, I had them
all set up to use 192.168.1.1 (E-Smith machine) as their primary dns server
and had them set up to use our ISP's primary dns server as their backup.
When set up like that, the above errors would randomly appear in the messages
log throughout the day (sometimes just one or two lines worth - sometimes 3
pages worth).
At other times it would be the same lines as above, but instead of
192.168.1.1:53 being the address that the fake Windoze address couldn't
reach, it would be the address that was set up in Windoze as the secondary
dns server.
I have now gone back and removed the secondary dns servers from all of the
Windoze machines and just left 192.168.1.1 in for a dns server - and the
errors have stopped.
The fact that the errors have stopped is great and all, but it does not
explain what the problem is.
Any suggestions on fixing the above issues would be greatly appreciated.
Thanks,
Matt
--
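An added example, not part of the original post: a small Python parser for the ipchains packet-log entries quoted above. It reads each entry as chain, target, interface, IP protocol number, source address:port and then destination address:port, and tallies denied packets per flow; the function names and the step that rejoins mail-wrapped lines are this example's own, and the sample is copied from the post.

```python
import re
from collections import Counter

# ipchains entry layout: chain, target, interface, IP protocol number,
# source addr:port, destination addr:port, then length/TOS/ID/frag/TTL.
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+)"
    r"(?: S=(?P<tos>\S+) I=(?P<ipid>\d+) F=(?P<frag>\S+) T=(?P<ttl>\d+))?"
)
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def unwrap(text):
    """Rejoin entries that mail wrapping split over several lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and (STAMP.match(line) or not entries):
            entries.append(line)      # a syslog timestamp starts a new entry
        elif line:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def parse(text):
    """Return one dict per recognisable packet-log entry."""
    out = []
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if m:
            rec = m.groupdict()       # trailing fields are None if cut off
            rec["proto"] = PROTO_NAMES.get(int(rec["proto"]), rec["proto"])
            out.append(rec)
    return out

def summarize(records):
    """Count logged packets per (interface, protocol, source, destination)."""
    return Counter((r["iface"], r["proto"], r["src"] + ":" + r["sport"],
                    r["dst"] + ":" + r["dport"]) for r in records)

# Sample copied from the post, mail wrapping and the cut-off entry included.
SAMPLE = """\
Jan 22 16:43:52 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
140.221.9.6:123 64.192.125.125:123 L=76 S=0x00 I=16890 F=0x0000 T=51 (#1)
Jan 22 16:44:58 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
140.221.9.6:123 64.192.125.125:123 L=76 S=0x00 I=20302 F=0x0000 T=51 (#1)
Jan 21 15:48:26 e-smith kernel: Packet log: denylog DENY eth0 PROTO=17
169.254.65.218:137 192.168.1.1:53 L=77
"""
```

Calling `summarize(parse(SAMPLE))` groups the sample into one flow arriving on eth1 and one on eth0, with the first address in each key being the packet's source.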