On Monday, June 27, 2011 04:46:41 PM Dimstar / Dominique Leuenberger wrote:
On Mon, 2011-06-27 at 16:18 +0700, Constant Brouerius van Nidek wrote:
In my dmesg I have a lot of message lines which all start with and have all the same content. Googling gave me discussions since 2004 but no real solution.
The only info somewhere was that it is: Multicast DNS, if you don't need it, disable it edit
your /etc/host.conf and set mdns off
For the time being I have disabled mdns but would like to find some background information. Do I need Multicast? Why does this message creeps into Linux since 2004? Whatis SFW2? Something that drops does not sound good. What drops?
SFW2 is the SuSE Firewall 2. A ;'drop' here means an incoming package has been dropped, instead of being replied to.
It's the purpose of the firewall, and you generally have two ways of answering to an 'intruder': - Tell him you do not serve this port - Ignore the package and let the 'intruder' timeout, waiting for an answer.
Somebody with answers?
One of the complete lines I find the dmesg full with is:
[60253.528099] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=5e:61:19:e7:2a:36:00:25:86:cf:8d:ae:08:00 SRC=64.41.4.144 DST=192.168.1.101 LEN=54 TOS=0x00 PREC=0x00 TTL=113 ID=6668 PROTO=UDP SPT=27896 DPT=1620 LEN=34
This does not actually look like a Multicast. Some host (64.41.4.144) tried to access your internal machine (192.168.1.101) on port 1620.
This means that on your border gateway, you do have NAT/PAT enabled and apparently do forwarded a package from external to this port. So it might be intentional. OR it might be a program using UPnP to reconfigure your border gateway, having the port forwarded to you (bittorrent clients use to do that).
So you'd have to evaluate if this is traffic you do want on your machine. If it is, then you should probably allow this specific port in your suse firewall.
Best regards, Dominique
Thanks Dominique and Togan. Everything is much clearer and I begin to understand some of the information contained in the messages. It is a good start for advance a intensive study of the mechanism of DEFLT -- Linux User 183145 using LXDE and KDE4 on a Pentium IV , powered by openSUSE 11.4 (i586) Kernel: 3.0.0-rc4-2-desktop LXDE WM & KDE Development Platform: 4.6.4 (4.6.4) 12:52pm up 1 day 0:25, 1 user, load average: 0.36, 0.41, 0.24 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org