On Wed, 12 Jun 2002, Eric House wrote: > My shorewall logs show that I'm dropping an identical packet every > three minutes (exactly). After a reboot of the router the packet > resumes, but might be at a different time -- which makes me wonder > if it's an artifact of the router rather than coming from outside. > > Anyway, here's one entry. Does this mean anything to any of you? > > Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= > MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1 > DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 > > (My internal networks are 192.168.1.0 and 192.168.2.0. I'm running > Bering rc2 with AT&T cable.)
Some device on the internet side of your router is configured with IP address 192.168.100.1 and is sending a multicast packet every three minutes. Because the source address is reserved by RFC 1918 and you have 'norfc1918' specified for eth0, the packet is being dropped. You can eliminate that message in one of two ways: a) Create the file /etc/shorewall/start (if it's not already part of the Bering distribution) and add the command: run_iptables -I rfc1918 -s 192.168.100.1 -d 224.0.0.1 -j DROP b) Upgrade to Shorewall 1.3.1 and insert the following at the top of /etc/shorewall/rfc1918: 192.168.100.1 DROP If you choose a), then when you upgrade your Bering distribution to one that incluces Shorewall 1.3.1 or later, you will want to adopt approach b). -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
