Re: IP fw-in deny (?)

To: Manel Marin <uni00771@pc-internet.com>
Cc: Debian Firewall <debian-firewall@lists.debian.org>
Subject: Re: IP fw-in deny (?)
From: Dean Carpenter <deano@areyes.com>
Date: Sat, 24 Apr 1999 12:46:31 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.3.96.990424124104.10035A-100000@uluru.areyes.com>
In-reply-to: <[🔎] 19990424095649.A1122@p166>

This is not tunneling.

These are DHCP requests coming in over your ppp line.  That is, other
(usually Winders) machines looking for an IP configuration to be given to
them.

The ISP should not be forwarding these to you.  Tell them to stop.  If
they don't, you can do a couple of things.  Make a FW rule explicitly for
UDP port 68 inbound on eth0, and don't log it.  You'll never see them
again.  This doesn't stop the packets from coming in though, using your
bandwidth.

You can start a DHCP server daemon yourself and hand out bogus IP
addresses to serve these clients, like this :

IP:	192.168.200.x	(x is from 1 to 253)
MASK:	255.255.255.0
GW:	192.168.200.1
DNS:	192.168.200.1

The client machine requesting the DHCP info will use this for their IP
config, and won't work at all.  Then they'll call the ISP and complain.
More complaints = fixes usually.

On Sat, 24 Apr 1999, Manel Marin wrote:

> On Thu, Apr 22, 1999 at 08:00:00PM -0400, Paul Tod Rieger wrote:
> > 
> > Just to be clearer, the typical message looks like:
> > 
> > kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
> > S=0x00 I=53838 F=0x0000 T=128
> > 
> 
> Everytime I connect to inet through "Infovia plus" (Spain) I got this: 
> 
> Apr 23 20:53:01 p166 pppd[2241]: local  IP address X.X.X.X
> Apr 23 20:53:01 p166 pppd[2241]: remote IP address Y.Y.Y.Y
> Apr 23 20:53:01 p166 kernel: IP fw-in deny ppp0 UDP 0.0.0.0:68 255.255.255.255:67 L=576 S=0x00 I=59668 F=0x0040 T=30 
> Apr 23 20:53:01 p166 pppd[2241]: Unsupported protocol (0x31) received
> Apr 23 20:53:04 p166 kernel: IP fw-in deny ppp0 UDP 0.0.0.0:68 255.255.255.255:67 L=576 S=0x00 I=59675 F=0x0040 T=30 
> Apr 23 20:53:08 p166 pppd[2241]: Unsupported protocol (0x31) received
> Apr 23 20:53:16 p166 kernel: IP fw-in deny ppp0 UDP 0.0.0.0:68 255.255.255.255:67 L=576 S=0x00 I=59706 F=0x0040 T=30 
> Apr 23 20:53:32 p166 pppd[2241]: Unsupported protocol (0x31) received
> 
> Someone told me that this is due to the units used for tunneling by the phone
> company...Other phone companies do not give this. Perhaps it is same case with
> your connection...
> 
> 
> Best regards, 
> -- 
> --------------------------------
> Manel Marin   e-mail: uni00771@pc-internet.com
> Linux Powered (Debian 2.0)
> --------------------------------
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 

--
Dean Carpenter		deano@areyes.com			94TT :)
Areyes, Inc.		Dean.Carpenter@pharma.com

"No matter where you go, there you are"  sayeth Buckaroo 								 across the Eighth Dimension

Reply to:

References:
- Re: IP fw-in deny (?)
  - From: Manel Marin <uni00771@pc-internet.com>

Prev by Date: Re: Is my ISP hacked (II)?
Next by Date: Re: IP fw-in deny (web-enabled monitor?)
Previous by thread: Re: IP fw-in deny (?)
Next by thread: Re: IP fw-in deny (web-enabled monitor?)
Index(es):
- Date
- Thread