[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [opensuse-security] A curious firewall message I don't understand.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Thursday 2008-01-17 at 14:28 -0700, Wilson Mattos wrote:
Is the source MAC address a host on that network segment or is it the IP
address of your router? Describe your network setup in a little more
detail and maybe I can help with other ideas to figure this out.
That mac must be the one from the router:
nimrodel:~ # arp
Address HWtype HWaddress Flags Mask Iface
router ether 00:30:DA:70:D7:EA C eth0
No, it is not... hold on.
log entry:
Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT=
MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1
DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP
TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]
The "MAC=..." corresponds to a composition of source mac + destination
mac + unknown. Weird!
See:
MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00
suse mac | router mac | ??
| |
My network is very simple:
small
adsl---> router ---lan--+-----> PC
with | (suse 10.3)
firewall | with SuSEfirewall
192.168.1.1 | 192.168.1.12
mac: 00:30:DA:70:D7:EA | mac: 00:40:F4:2E:B1:21
|
+----> 7.3 PC (off)
|
+----> TV gadget (disconected)
|
+----> free (disconected currently)
And the wifi part of the adsl-router is off, too (it is a linux 2.4
embedded machine)
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHj+zotTMYHG2NR9URAskGAJ9dOY80dMJgp/QAOaEWInCILwU1YQCgmYi8
g97ijVq7b3cCmOKCj7FnKo4=
=ldUZ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx