[Leaf-user] help understanding ipchains output (newbie)

mike Thu, 18 Apr 2002 17:04:46 -0700

Dachstein LEAF

Hello,


I am running the standard Dachstein LEAF box on a
cable modem.  I am getting hundreds of these broadcast
messages:

# ip addr

1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:e2:00:6f:d2 brd ff:ff:ff:ff:ff:ff
    inet 66.147.147.223/23 brd 66.147.147.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:80:48:b1:a1:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.6.254/24 brd 192.168.6.255 scope global eth1


#cat /var/log/syslog
<snip>
Apr 18 15:44:50 firewall kernel: Packet log: input DENY eth0 PROTO=17 
66.147.147.152:520 66.147.147.255:520 L=52 S=0x00 I=64309 F=0x0000 
T=128(#40)
Apr 18 15:45:23 firewall kernel: Packet log: input DENY eth0 PROTO=17 
66.147.147.152:520 66.147.147.255:520 L=52 S=0x00 I=64314 F=0x0000 
T=128(#40)
Apr 18 15:45:57 firewall kernel: Packet log: input DENY eth0 PROTO=17 
66.147.147.152:520 66.147.147.255:520 L=52 S=0x00 I=64317 F=0x0000 
T=128(#40)
Apr 18 15:46:30 firewall kernel: Packet log: input DENY eth0 PROTO=17 
66.147.147.152:520 66.147.147.255:520 L=52 S=0x00 I=64320 F=0x0000 
T=128(#40)
<snip>
this looks like a box on the network broadcasting.
OK to DENY, no logging?  what is port 520?

<snip>
Apr 18 15:46:21 firewall kernel: Packet log: input DENY eth0 PROTO=17 
172.16.1.135:1034 255.255.255.255:164 L=128 S=0x00 I=44552 F=0x0000 
T=128(#9)
Apr 18 15:48:22 firewall kernel: Packet log: input DENY eth0 PROTO=17 
172.16.1.135:1034 255.255.255.255:164 L=128 S=0x00 I=46818 F=0x0000 
T=128(#9)
Apr 18 15:50:22 firewall kernel: Packet log: input DENY eth0 PROTO=17 
172.16.1.135:1034 255.255.255.255:164 L=128 S=0x00 I=49084 F=0x0000 
T=128(#9)
Apr 18 15:52:22 firewall kernel: Packet log: input DENY eth0 PROTO=17 
172.16.1.135:1034 255.255.255.255:164 L=128 S=0x00 I=51304 F=0x0000 
T=128(#9)
<snip>
same as above but with a private IP?  what is port 1034 and 164?

<snip>
Apr 18 15:45:03 firewall kernel: Packet log: input DENY eth0 PROTO=17 
10.10.0.6:67 255.255.255.255:68 L=352 S=0x00 I=32047 F=0x4000 T=255(#8)
Apr 18 15:45:03 firewall dhclient: ip length 352 disagrees with bytes 
received 356.
Apr 18 15:45:03 firewall dhclient: accepting packet with data after udp 
payload.
Apr 18 15:45:06 firewall kernel: Packet log: input DENY eth0 PROTO=17 
10.10.0.6:67 255.255.255.255:68 L=352 S=0x00 I=32048 F=0x4000 T=255(#8)
Apr 18 15:45:06 firewall dhclient: ip length 352 disagrees with bytes 
received 356.
Apr 18 15:45:06 firewall dhclient: accepting packet with data after udp 
payload.
Apr 18 15:45:13 firewall kernel: Packet log: input DENY eth0 PROTO=17 
10.10.0.6:67 255.255.255.255:68 L=352 S=0x00 I=32049 F=0x4000 T=255(#8)
Apr 18 15:45:13 firewall dhclient: ip length 352 disagrees with bytes 
received 356.
Apr 18 15:45:13 firewall dhclient: accepting packet with data after udp 
payload.
<snip>
this is my DHCP server.  what is happening with the ip length?

If I change ipchains to DENY, no logging, will this leave me open to
other problems?

thanks
mike
[EMAIL PROTECTED]

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] help understanding ipchains output (newbie)

Reply via email to