Re: IP fw-in deny (?)

To: "Ayres, Richard" <Richard.Ayres@Brann.co.uk>
Cc: 'Paul Tod Rieger' <prie@abl.com>, debian-firewall@lists.debian.org
Subject: Re: IP fw-in deny (?)
From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
Date: Sun, 2 May 1999 09:16:02 +0200
Message-id: <[🔎] 19990502091602.B14347@finlandia.infodrom.north.de>
Reply-to: Martin Schulze <joey@infodrom.north.de>
In-reply-to: <75653DF6BA5ED211B5E00008C7287D7346EC82@BRISTOL_MBX1>; from Ayres, Richard on Thu, Apr 22, 1999 at 04:21:14PM +0100
References: <75653DF6BA5ED211B5E00008C7287D7346EC82@BRISTOL_MBX1>

Ayres, Richard wrote:
> > kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
> > S=0x00 I=53838 F=0x0000 T=128
> 
> Looks like DHCP.

Or BOOTP. 

finlandia:/var# grep bootp /etc/services
bootps          67/tcp                          # BOOTP server
bootps          67/udp
bootpc          68/tcp                          # BOOTP client
bootpc          68/udp

> > eth0 is the NIC to my cable modem, and 192.168.4.1 is the NIC to my
> > LAN.  The machine is an IPmasq firewall (and server in general).
> 
> I guess that somewhere on your LAN is a DHCP client and the firewall is
> attempting to route the DHCP requests out onto the internet, but getting
> stopped. It's a bit weird that you seem to be getting packets from
> '192.168.4.1' coming /in/ to eth0 rather than eth1, though.

One feature of DHCP is 'lease' which means that the client reconfigures
itself and re-sends DHCP queries.  Not that this would work with
windows but it sends packages.

Regards,

	Joey

-- 
Whenever you meet yourself you're in a time loop or in front of a mirror.

Please always Cc to me when replying to me on the lists.

Reply to:

Prev by Date: Re: FIREWALL STRATEGY (What do you think?)
Next by Date: Re: FIREWALL STRATEGY (What do you think?)
Previous by thread: Re: FIREWALL STRATEGY (What do you think?)
Next by thread: Re: tcplogd causing minor accept() trauma in authsrv (fwtk)...
Index(es):
- Date
- Thread