sean coogan wrote:
>
> 
> Every time these sorts of packets show up in the logs, the firewall stops
> allowing access to the internet (logs from one instance)
> 
> Aug 8 04:22:11 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00
> TTL=64 ID=11867 DF PROTO=UDP SPT=68 DPT=67 LEN=308
> Aug 8 04:22:14
> Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=9879 DF
> PROTO=UDP SPT=68 DPT=67 LEN=308
> 
> My question is: does this show someone trying to access my firewall, or is it a
> false positive (?),
> i.e. something on my network producing these hits, or is someone trying to get
> in
> (god alone knows why they'd bother).
> 

These are DHCP broadcasts. In a private post, Sean has indicated that the IP
address of eth1 is 192.168.1.254.

So there are two possibilities:

a) eth0 and eth1 have been bridged due to a cabling error.
b) The packets come from an outside host who just happens to have that IP 
address.

If the problem is a), the fix is obvious -- correct the physical cabling. If the
problem is b), then the messages can be eliminated by setting the 'dhcp' option
on eth0 in /etc/shorewall/shorewall.conf.

Given that the firewall stops working when this happens, I'm betting on a).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
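
As an added example (not part of the original thread and not Shorewall code): a small Python triage of log entries like the ones quoted above, flagging DHCP client broadcasts whose source address belongs to a different interface of the firewall itself, which is the pattern behind possibility a). The function names, the `local_addrs` mapping and the third log entry are assumptions made for this illustration.

```python
import re

# Constructed sample: the two entries quoted in the thread, each joined onto one
# line with the syslog prefix, plus one unrelated constructed entry.
SAMPLE_LOG = """\
Aug 8 04:22:11 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=11867 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:14 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=9879 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:25:02 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4411 DF PROTO=TCP SPT=40112 DPT=23
"""

# Shorewall log prefix as it appears in the quoted entries: Shorewall:<chain>:<action>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)$")


def parse(line):
    """Split one netfilter log line into a dict of KEY=value fields."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if sep and key not in rec:  # keep the first LEN (IP length), not the UDP one
            rec[key] = val
    return rec


def classify(rec, local_addrs):
    """local_addrs maps each of the firewall's own IPs to its interface name."""
    is_dhcp_client = (rec.get("PROTO") == "UDP" and rec.get("SPT") == "68"
                      and rec.get("DPT") == "67"
                      and rec.get("DST") == "255.255.255.255")
    if not is_dhcp_client:
        return "other"
    owner = local_addrs.get(rec.get("SRC"))
    if owner is not None and owner != rec.get("IN"):
        # The firewall's own address arrived on a different interface.
        return "dhcp-own-address-on-other-interface"
    return "dhcp-broadcast"


def triage(log_text, local_addrs):
    return [classify(r, local_addrs) for r in map(parse, log_text.splitlines()) if r]


if __name__ == "__main__":
    # eth1 = 192.168.1.254 is the address reported in the thread.
    print(triage(SAMPLE_LOG, {"192.168.1.254": "eth1"}))
```
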