
Re: [opensuse-security] A curious firewall message I don't understand.






The Thursday 2008-01-17 at 14:28 -0700, Wilson Mattos wrote:

> Is the source MAC address a host on that network segment or is it the IP address of your router? Describe your network setup in a little more detail and maybe I can help with other ideas to figure this out.

That MAC must be the one from the router:

nimrodel:~ # arp
Address                  HWtype  HWaddress           Flags Mask            Iface
router                   ether   00:30:DA:70:D7:EA   C                     eth0


No, it is not... hold on.

log entry:

Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT=
  MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1
  DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP
  TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00
  PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]


The "MAC=..." corresponds to a composition of source MAC + destination MAC + unknown. Weird!

See:

MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00
       suse mac      |  router mac     | ??
                     |                 |



My network is very simple:


                   small
 adsl---> router ---lan--+-----> PC
         with            |      (suse 10.3)
        firewall         |      with SuSEfirewall
      192.168.1.1        |      192.168.1.12
 mac: 00:30:DA:70:D7:EA  |    mac: 00:40:F4:2E:B1:21
                         |
                         +----> 7.3 PC    (off)
                         |
                         +----> TV gadget (disconnected)
                         |
                         +----> free (disconnected currently)

And the wifi part of the adsl-router is off, too (it is a Linux 2.4 embedded machine).


-- Cheers,
       Carlos E. R.

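An added example, not part of the original message or of SuSEfirewall2: a small parser for the kernel log entry quoted above. It assumes the standard netfilter LOG layout on Ethernet, where `MAC=` is the raw 14-byte link header (destination MAC, source MAC, 2-byte EtherType) and the bracketed part is the original packet quoted inside the ICMP error; the function names are made up for this sketch.

```python
import re

# Constructed sample: the log entry from the message, joined onto one line.
SAMPLE = ("Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= "
          "MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 "
          "DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP "
          "TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 "
          "PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]")

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
ICMP_UNREACH = {0: "network unreachable", 1: "host unreachable",
                2: "protocol unreachable", 3: "port unreachable"}


def kv(text):
    """Collect KEY=value tokens; bare flags (DF) are skipped, last LEN wins."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", text))


def split_mac(field):
    """Split the 14-byte Ethernet header printed after MAC= (assumed layout)."""
    octets = field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("not an Ethernet header (%d bytes)" % len(octets))
    ethertype = int("".join(octets[12:]), 16)
    return {"dst_mac": ":".join(octets[:6]),
            "src_mac": ":".join(octets[6:12]),
            "ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}


def parse_log(line):
    """Return the outer packet, its link header, and any packet quoted in [ ]."""
    inner = re.search(r"\[(.*?)\]", line)
    outer = kv(line[:inner.start()] if inner else line)
    result = {"outer": outer, "link": split_mac(outer["MAC"]),
              "quoted": kv(inner.group(1)) if inner else None}
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3":
        result["icmp"] = ICMP_UNREACH.get(int(outer["CODE"]), "unreachable")
    return result


if __name__ == "__main__":
    for key, value in parse_log(SAMPLE).items():
        print(key, value)
```

On the sample, the first six bytes match the PC's interface, the next six match the router's ARP entry, and `08:00` decodes as the IPv4 EtherType.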