[Firehol-support] Re: DHCP Log Messages - Please HELP!

cougar c0ugar7i8 at comcast.net
Wed Aug 24 04:30:44 CEST 2005


Thanks so much for replying,


> cougar <c0ugar7i8 at comcast.net> writes:
>
>
>> I've been using Firehol on Debian for 3-4 weeks and I'm deeply
>> troubled by this issue.
>>
>> I'm using ULOG for my logging. My syslogemu.log is filled up with the
>> following lines...
>>
>> Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT=
>> MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1  
>> DST=255.255.255.255
>> LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68
>> LEN=335
>>
>
> So, firehol logs all the DHCP broadcast messages to your logs.
>
> [...]
>
>
>> These requests come every 3-7 seconds.
>>
>
> You might consider setting your DHCP server to have a longer timeout, or
> if eth1 is connected to your ADSL modem, just adding a 'client dhcp
> accept' statement and the '255.255.255.255/32' address as a valid target
> address on that interface.

How do I do this exactly? My eth1 is in fact set up to grab an IP
automatically from my ISP, which is Comcast. My eth0 is set up to
distribute IPs to my local machines on my network.

> [...]
>
>
>> The reason why I'm so concerned is I think the constant logging is
>> doing something to my network,
>>
>
> Unless your system is very badly configured, this is extremely unlikely
> to be true, especially as you report using the ULOG interface for these
> messages.
>
>
>> causing congestion, especially on VoIP applications.
>>
>
> That is even less likely to be true, since the ULOG system does not
> support reporting over the network and, as such, can't actually get in
> the way of network traffic.
>
>
> The one possible issue here is if you use an ancient hard disk, hard
> disk controller, or a compact flash based drive to log to.
>
> If the IDE subsystem is keeping IRQs masked during disk transactions,
> any disk activity which, logically enough, includes log writes, could
> cause an interrupt latency of more than 50ms, possibly resulting in
> overruns and retransmissions on cheap network cards...
>
> Check that interrupts are unmasked with hdparm, and see if that helps.
>
> Otherwise, just stop logging out the DHCP packets.  You can use
> statements like this to drop without logging:
>
>     client dhcp drop

If I use 'client dhcp drop', will that prevent my Linux box from
grabbing an IP?

>
> No log statement, nothing in the log.

That's my goal :)

Rick
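The two settings discussed in the thread, written out as an added example /etc/firehol/firehol.conf; this is not from the list post or from the FireHOL project, and the `version 5` line (FireHOL 1.x), the interface names, and the roles of eth1 (ISP-facing DHCP client) and eth0 (LAN, running the DHCP server) are assumptions taken from the thread.

```firehol
version 5

# eth1 faces the ISP and this box obtains its own address by DHCP.
# 'client dhcp accept' matches the UDP 67 -> 68 replies that were filling
# the log (SRC=10.125.144.1 DST=255.255.255.255 SPT=67 DPT=68), so they are
# accepted by an explicit rule instead of reaching the logged end-of-interface
# drop policy.
interface eth1 internet
    protection strong
    client dhcp accept
    client all accept
    # Assumed alternative, deliberately not used: 'client dhcp drop' would
    # also keep the packets out of the log, since FireHOL's drop action does
    # not log, but it discards the same replies this interface's own DHCP
    # client needs to obtain a lease.

# eth0 faces the LAN; this box hands out leases to the local machines.
# 'server dhcp accept' admits the clients' requests (UDP 68 -> 67) here.
interface eth0 lan
    server dhcp accept
    server dns accept
    client all accept
```

Run `firehol try` after editing so the old rules are restored automatically if the new configuration locks you out.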