RE: Re: [suse-security] request for help with log entries
<snip>
It seems like your machine at 192.168.100.1 is trying to contact machine at 224.0.0.1 and is being denied by the firewall.
224.X.X.X is a multicast IP address IIRC. Maybe that is the reason y it gets blocked at the firewall. Cheers Chris
On Wed 05 Dec 01 18:49, christian.burri@synecta.ch wrote:
<snip>
It seems like your machine at 192.168.100.1 is trying to contact machine
at
224.0.0.1 and is being denied by the firewall.
224.X.X.X is a multicast IP address IIRC. Maybe that is the reason y it gets blocked at the firewall.
Yup, multicasts are blocked by default (I think) by SuSEfirewall2. They're only usefull if you're on the MBONE ...
Cheers Chris
On Wed, 5 Dec 2001, Ray Leach wrote:
On Wed 05 Dec 01 18:49, christian.burri@synecta.ch wrote:
<snip> It seems like your machine at 192.168.100.1 is trying to contact machine at 224.0.0.1 and is being denied by the firewall.
Strange. I don't have a machine 192.168.100.1 . # ifconfig eth0 [...] inet addr:62.xxx.xxx.xxx lo [...] vmnet1 Link encap:Ethernet HWaddr 00:50:56:01:00:00 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:fe01:0/10 Scope:Link inet6 addr: fe80::50:5601:0/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
224.X.X.X is a multicast IP address IIRC. Maybe that is the reason y it gets blocked at the firewall.
Yup, multicasts are blocked by default (I think) by SuSEfirewall2. They're only usefull if you're on the MBONE ...
So what is going on here? thanx, wieland
On Wed, 5 Dec 2001, Johannes Geiger wrote:
Hello Wieland Gmeiner,
Hello Johannes Geiger,
On Wed, Dec 05, 2001 at 07:04:36PM +0100, Wieland Gmeiner wrote:
Strange. I don't have a machine 192.168.100.1 .
So what is going on here?
Just guessing: Do you use a cable modem?
You are right, I use a cable modem. Please let me know your further interpretation.
Regards,
Johannes
TIA, wieland
Hello Wieland Gmeiner, On Thu, Dec 06, 2001 at 03:55:10PM +0100, Wieland Gmeiner wrote:
On Wed, Dec 05, 2001 at 07:04:36PM +0100, Wieland Gmeiner wrote:
Strange. I don't have a machine 192.168.100.1 .
So what is going on here?
Just guessing: Do you use a cable modem?
You are right, I use a cable modem. Please let me know your further interpretation.
192.168.100.1 might be the IP-address of your cable modem. To verify eg. type http://192.168.100.1/ in your browser. HTH Johannes
On Thu, 6 Dec 2001, Johannes Geiger wrote:
Hello Wieland Gmeiner, On Thu, Dec 06, 2001 at 03:55:10PM +0100, Wieland Gmeiner wrote:
On Wed, Dec 05, 2001 at 07:04:36PM +0100, Wieland Gmeiner wrote:
Strange. I don't have a machine 192.168.100.1 .
So what is going on here?
Just guessing: Do you use a cable modem?
You are right, I use a cable modem. Please let me know your further interpretation.
192.168.100.1 might be the IP-address of your cable modem. To verify eg. type http://192.168.100.1/ in your browser.
HTH it does, indeed Johannes
You are right again. So, if I got it right, my cable modem is sending multicast datagrams which are dropped by SuSEfirewall2 ? Why is it doing this? Is this default behaviour or misconfiguration? And what is this MAC adress (?) about? /var/log/firewall: [...] Dec 6 19:53:09 w1 kernel: SuSE-FW-UNALLOWED-TARGETIN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:e5:b4:35:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 [...] thanks, wieland
Comcast came out about 2 weeks ago and switched my cable modem and this garbage started with me. But I can't seem to get iptables to not log that entry, since it just is filling up the log file. Any suggestions would be appreciated. Thanx Johannes Geiger wrote:
Hello Wieland Gmeiner,
On Thu, Dec 06, 2001 at 03:55:10PM +0100, Wieland Gmeiner wrote:
On Wed, Dec 05, 2001 at 07:04:36PM +0100, Wieland Gmeiner wrote:
Strange. I don't have a machine 192.168.100.1 .
So what is going on here?
Just guessing: Do you use a cable modem?
You are right, I use a cable modem. Please let me know your further interpretation.
192.168.100.1 might be the IP-address of your cable modem. To verify eg. type http://192.168.100.1/ in your browser.
HTH
Johannes
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (5)
-
christian.burri@synecta.ch
-
Johannes Geiger
-
Jonathan
-
Ray Leach
-
Wieland Gmeiner