Re: help with firewall log message
On Monday 24 March 2003 17:34, someone, possibly Darryl Hoar, typed: > Mar 24 08:06:43 darryl ipmon[98]: 08:06:42.283459 xl0 @0:3 b > 10.0.0.1,router -> > 10.0.0.255,router PR udp len 20 72 IN > > what does it mean ? I'd say it looks like what ever 10.0.0.1 is, is either running routed/gated, or is a hardware router. Either way, it's trying to do UDP RIP advertisements to the local broadcast address, to try and discover other routers on the network. If 10.0.0.1 is your firewall, and you don't need routed/gated (if you only have a default route out of there, you don't), you can disable it with /stand/sysinstall, in the networking options. Will -- Willie Viljoen Freelance IT Consultant 214 Paul Kruger Avenue, Universitas Bloemfontein 9321 South Africa +27 51 522 15 60 +27 51 522 44 36 (after hours) +27 82 404 03 27 (mobile) [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: help with firewall log message
On Mon, 24 Mar 2003, Darryl Hoar wrote: > Greetings, > I am running 4.4-stable on my firewall. > I have set it up using www.schlacter.com > as a guide. > > I keep getting this message very minute in my > firewall log. I need to decipher this and if its > normal, quit logging it as it's filling up my > firewall log. > > here's the entry: > > > Mar 24 08:06:43 darryl ipmon[98]: 08:06:42.283459 xl0 @0:3 b > 10.0.0.1,router -> > 10.0.0.255,router PR udp len 20 72 IN > > what does it mean ? It's an RIP announcement. > Also, is there a good reference that would allow a user > to break down the message and understand it ? Probably something on the ipfilter web site. The log format looks like date, machine, process, accurate timestamp, interface, rule, action taken (from the source), then the 10.0.0.1,router bit which is the packet detail. In this case "router" is udp port 520 (look it up in /etc/services) broadcasting (that's the 10.0.0.255). The protocol's udp and the rest are more packet details. Your router is probably generating these every 30 seconds or so. You can either configure it to not do so or ignore this log line. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/ Donate a signature: http://ioctl.org/jan/sig-submit To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: help with firewall log message
> -Original Message- > From: Darryl Hoar [mailto:[EMAIL PROTECTED] > Sent: Monday, March 24, 2003 17:35 > To: [EMAIL PROTECTED] > Subject: help with firewall log message > > > Greetings, > what does it mean ? > Also, is there a good reference that would allow a user > to break down the message and understand it ? /usr/share/examples/ipfilter/ipf-howto.txt To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
