Morgan:
Hello! Have a look here:
http://www.echogent.com/cgi-bin/fwlog.pl
The IGMP packet you're seeing is coming from your ISP's
router, as it's trying to find other routers directly connected to
it. As the "firewall log explanation script" says, you can safely
ignore all traffic being broadcast to the "224.0.0.0/4" address range.
As if all my emails didn't have this shamless plug...the
echoWall firewall script already "silently denies" this broadcast
address range (and others) as well as *not* having default rule to
block RFC-1918 private IP's like 10.x.y.z or 192.168.x.y.
Hope this helps!
cheers,
Scott
> My wife is behind a double NAT setup at school.
> Her provider givers her an 10.100.x.x IP address, which, of course makes
> Eigerstein ipchains default rules unhappy.
>
> I commented out the rules that apply to blocking 10.100.x.x numbers so she
> has access. The problem is that her logfiles fill up almost instantly with
> junk like this:
>
> myrouter kernel: Packet log: input DENY eth0 PROTO=2 10.100.80.208:65535
> 239.255.255.250:65535 L=32 S=0x00 I=7688 F=0x0000 T=1 O=0x00000494 (#43)
>
> But not just from one IP address. Instead she gets these from practically
> every 10.100.x.x IP available.
>
> Clearly everyone in her provider's subnet is pushing out packet fragments,
> or somehow their network is leaving packet fragments out there.
>
> These are being caught by rule 43, which is a catchall I think. I also
> admit to not really being sure which freaking rule is rule #43, I mean I
> look through the config, and I am not really sure how to count them.
>
> SO is there any way to stop logging all of these packet fragments?
>
>
> Thanks
>
> Morgan
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
