hello,
From: Dr. Peter Bast [mailto:pb@infai.de]
Hello,
I get permanently the following messages in my /var/log/messages:
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=192.168.201.55 DST=192.168.201.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
According to /etc/services, UDP port 520 serves a routing protocol.
I use a Server with SuSE Linux 8.0 connected to a LAN via eth0 (192.168.201.55) and to an external ADSL-Router via eth1 (192.168.0.2). The LAN-IP of the Hardware-Router is 192.168.0.1. All Netmasks are set to 255.255.255.0. The connections between the internal Netdevice (eth0) and the external Netdevice (eth1) are very slow. The Server is running BIND9, Squid, Samba and Sendmail.

Did you enable routing in the kernel (I guess so), and do you need it? Do you use a hub where eth0 is connected to the ADSL router?

If you just want to get rid of the entries, you have to configure /etc/rc.config.d/firewall2-custom.rc.config and add something like

    fw_custom_before_antispoofing() {
        # pick one target: -j DROP or -j ACCEPT
        iptables -A INPUT -j DROP -p udp --dport 520
        true
    }

Hope that helps you a bit.

regards,
stefan
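
An added example, not part of the original messages: a shell/awk summary of SuSE-FW kernel log lines that shows which interface, source and port are being dropped, and flags entries whose source is the host's own address on the receiving interface, as in the two lines quoted above. The function names, the iface=addr arguments and the sample lines after the first two are assumptions constructed for illustration.

```shell
# Summarise SuSEfirewall2 kernel log lines read from stdin.
# Arguments: iface=addr pairs for this host (assumed known to the admin).
summarize_fw_drops() {
    awk -v locals="$*" '
    BEGIN {
        n = split(locals, pair, " ")
        for (i = 1; i <= n; i++) { split(pair[i], kv, "="); own[kv[1]] = kv[2] }
    }
    / SuSE-FW-/ {
        split("", f); prefix = ""            # reset per-line fields
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SuSE-FW-/) { prefix = $i; continue }
            eq = index($i, "=")
            key = substr($i, 1, eq - 1)
            # keep the first KEY=VALUE only (LEN appears twice: IP, then UDP)
            if (eq > 1 && !(key in f)) f[key] = substr($i, eq + 1)
        }
        # source equals the address of the receiving interface: the host
        # is seeing its own broadcast, not traffic from another machine
        note = ((f["IN"] in own) && f["SRC"] == own[f["IN"]]) ? "own-address" : "foreign-source"
        count[prefix " " f["IN"] " " f["SRC"] " " f["DST"] " " f["PROTO"] "/" f["DPT"] " " note]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Sample input: lines 1-2 are from the post, lines 3-5 are constructed.
sample_log() {
    cat <<'EOF'
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=192.168.201.55 DST=192.168.201.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
Jun 5 11:05:50 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=192.168.201.55 DST=192.168.201.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
Jun 5 11:05:50 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
Jun 5 11:06:02 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.168.201.9 DST=192.168.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=1024 DPT=53 LEN=40
EOF
}

sample_log | summarize_fw_drops eth0=192.168.201.55 eth1=192.168.0.2
```

On a live system, feed it the real log instead, for example `grep SuSE-FW- /var/log/messages | summarize_fw_drops eth0=192.168.201.55 eth1=192.168.0.2`.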