This message keeps showing up repeatedly in the journalctl log:

Aug 05 21:29:43 linux2 kernel: SFW2-INext-DROP-DEFLT IN=enp3s0 OUT= MAC=33:33:00:00:00:fb:a0:88:b4:c5:99:9c:86:dd SRC=fe80:0000:0000:0000:c534:6352:2873:f469 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=88

I gather it has to do with the firewall. The MAC address does not seem to match any of the devices on the local network (which is small). Can anyone tell me what it means and what I should do about it?

Running OpenSuse 13.2, wired ethernet connection to router.

Thanks.

Fr Ousley

--
Church of St Michael the Archangel
Fr David Ousley
6611 Ardleigh Street
Philadelphia, PA 19119
215-247-1092
ordinariatephiladelphia.org
newmanfellowship.org
dao@anglicanphiladelphia.org
On 08/05/2015 09:43 PM, Fr David Ousley wrote:
> This message keeps showing up repeatedly in the journalctl log:
> Aug 05 21:29:43 linux2 kernel: SFW2-INext-DROP-DEFLT IN=enp3s0 OUT= MAC=33:33:00:00:00:fb:a0:88:b4:c5:99:9c:86:dd SRC=fe80:0000:0000:0000:c534:6352:2873:f469 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=88
> I gather it has to do with the firewall. The MAC address does not seem to match any of the devices on the local network (which is small). Can anyone tell me what it means and what I should do about it?
> Running OpenSuse 13.2, wired ethernet connection to router.

Obvious question(s):
a) is your LAN enabled for IPv6?
b) is the router enabled for IPv6 on either side?
c) what's the MAC address of the _far_ side of your router?

Just as a maybe-help, could you run 'arp' and let us have the output.

I'm not sure how you might have things configured at your site, but I have my router sending syslog messages to my desktop. If I want one-and-only-one repository (I don't) I could pipe that into journalctl. Do you? The reason I ask is "what can show up in your journalctl and what can't"?

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
On 2015-08-06 03:43, Fr David Ousley wrote:
> This message keeps showing up repeatedly in the journalctl log:
> Aug 05 21:29:43 linux2 kernel: SFW2-INext-DROP-DEFLT IN=enp3s0 OUT= MAC=33:33:00:00:00:fb:a0:88:b4:c5:99:9c:86:dd SRC=fe80:0000:0000:0000:c534:6352:2873:f469 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=88
> I gather it has to do with the firewall.

Yes.

> The MAC address does not seem to match any of the devices on the local network (which is small). Can anyone tell me what it means and what I should do about it?

The log entry is incomplete, there should be data about the ports. That would tell what it is about.

The message just says that there was a connection attempt that the firewall rejected. Not important, unless you want that connection, or it is so frequent that it becomes a nuisance.

SRC=fe80:0000... is a link local address.

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
On Wed, 5 Aug 2015 21:43:13 -0400 Fr David Ousley <davidousley@verizon.net> wrote:
> This message keeps showing up repeatedly in the journalctl log:
> Aug 05 21:29:43 linux2 kernel: SFW2-INext-DROP-DEFLT IN=enp3s0 OUT= MAC=33:33:00:00:00:fb:a0:88:b4:c5:99:9c:86:dd SRC=fe80:0000:0000:0000:c534:6352:2873:f469 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=88
> I gather it has to do with the firewall. The MAC address does not seem to match any of the devices on the local network (which is small). Can anyone tell me what it means and what I should do about it?

MAC 33:33:xx:xx:xx is an IPv6 multicast address and ff02::fb is mDNSv6. So someone tries to transmit mDNS packets, which are multicast by definition. a0:88:b4 is Intel, so the full MAC would be a0:88:b4:c5:99:9c. I do not know what the last 2 bytes in the MAC field of the log message mean. The IPv6 fe80 prefix is for link-local addresses; they usually use a modified MAC in the lower part, but here it does not look like it. But in principle that can be anything. Do you have a device with MAC a0:88:b4:c5:99:9c?

> Running OpenSuse 13.2, wired ethernet connection to router.
> Thanks.
> Fr Ousley
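
Added example, not part of any poster's message: it decodes the fields discussed above from the log line quoted in the thread. It relies on the netfilter LOG output for Ethernet printing the whole link-layer header in `MAC=` (destination MAC, source MAC, then the two-byte EtherType), and on the RFC 2464 multicast mapping and modified EUI-64 rules; the helper names are illustrative.

```python
import ipaddress

# Log line exactly as quoted in the thread; helper names below are illustrative.
LOG_LINE = (
    "Aug 05 21:29:43 linux2 kernel: SFW2-INext-DROP-DEFLT IN=enp3s0 OUT= "
    "MAC=33:33:00:00:00:fb:a0:88:b4:c5:99:9c:86:dd "
    "SRC=fe80:0000:0000:0000:c534:6352:2873:f469 "
    "DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=88"
)
ETHERTYPES = {"0800": "IPv4", "0806": "ARP", "86dd": "IPv6"}

def parse_fields(line):
    """Return the KEY=value tokens of a netfilter LOG line as a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def split_mac_field(mac_field):
    """Split the 14-byte Ethernet header into dst MAC, src MAC, EtherType."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets, got %d" % len(octets))
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])

def multicast_mac_for(dst):
    """RFC 2464: 33:33 followed by the low 32 bits of the IPv6 group address."""
    low = ipaddress.IPv6Address(dst).packed[-4:]
    return "33:33:" + ":".join("%02x" % b for b in low)

def eui64_interface_id(mac):
    """Modified EUI-64 interface ID a host would derive from this MAC."""
    b = bytearray(int(o, 16) for o in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def analyse(line):
    f = parse_fields(line)
    dst_mac, src_mac, ethertype = split_mac_field(f["MAC"])
    src, dst = ipaddress.IPv6Address(f["SRC"]), ipaddress.IPv6Address(f["DST"])
    return {
        "dst_mac": dst_mac,
        "src_mac": src_mac,  # the address to look for on the LAN
        "ethertype": ETHERTYPES.get(ethertype, ethertype),
        "dst_mac_matches_group": dst_mac == multicast_mac_for(f["DST"]),
        "src_is_link_local": src.is_link_local,
        "dst": str(dst),
        "src_iid_is_eui64": src.packed[8:] == eui64_interface_id(src_mac),
    }

if __name__ == "__main__":
    print("\n".join("%-22s %s" % kv for kv in analyse(LOG_LINE).items()))
```

The source interface ID not matching the EUI-64 form of the source MAC is normal for hosts that generate randomized interface identifiers, so the MAC is the more reliable handle for finding the sender.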
On Thursday 6 August 2015 07:07:50 Andrei Borzenkov wrote:
> MAC 33:33:xx:xx:xx is an IPv6 multicast address and ff02::fb is mDNSv6. So someone tries to transmit mDNS packets, which are multicast by definition. a0:88:b4 is Intel, so the full MAC would be a0:88:b4:c5:99:9c. I do not know what the last 2 bytes in the MAC field of the log message mean.

mDNS uses port 5353, which is blocked in the firewall. If you want these to get through you may add filter rules to FW_SERVICES_ACCEPT_EXT like:

    fe80::/64,udp,5353 xxxx:yyyy:zzzz::/48,udp,5353

where xxxx:yyyy:zzzz represents the /48 network you got from your provider.

--
fr.gr.
member openSUSE
Freek de Kruijf
> This message keeps showing up repeatedly in the journalctl log:
> Aug 05 21:29:43 linux2 kernel: SFW2-INext-DROP-DEFLT IN=enp3s0 OUT= MAC=33:33:00:00:00:fb:a0:88:b4:c5:99:9c:86:dd SRC=fe80:0000:0000:0000:c534:6352:2873:f469 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=88
> Do you have a device with MAC a0:88:b4:c5:99:9c?

I traced this (thanks for the suggestion) to my son's Windows machine. He being a recent electrical engineering (i.e. computer) grad, he will take care of it for me. Many thanks!
On 08/06/2015 03:37 PM, Fr David Ousley wrote:
> Do you have a device with MAC a0:88:b4:c5:99:9c?
> I traced this (thanks for the suggestion) to my son's Windows machine. He being a recent electrical engineering (i.e. computer) grad, he will take care of it for me. Many thanks!

I believe this may have something to do with Windows HomeGroup networks. It runs over IPv6 only and the mDNS is a way to get around the lack of a DNS server.

Participants (6): Andrei Borzenkov, Anton Aylward, Carlos E. R., Fr David Ousley, Freek de Kruijf, James Knott