[Firehol-support] DHCP Log Messages - Please HELP!

cougar c0ugar7i8 at comcast.net
Tue Aug 23 21:25:55 BST 2005 

Hello everyone,

I've been using Firehol on Debian for 3-4 weeks and I'm deeply  
troubled by this issue.

I'm using ULOG for my logging. My syslogemu.log is filled up with the  
following lines...

Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355  
TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355  
TOS=00 PREC=0x00 TTL=64 ID=15595 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:34 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355  
TOS=00 PREC=0x00 TTL=64 ID=15618 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:34 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355  
TOS=00 PREC=0x00 TTL=64 ID=15622 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:42 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355  
TOS=00 PREC=0x00 TTL=64 ID=15816 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:42 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355  
TOS=00 PREC=0x00 TTL=64 ID=15819 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:49 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=12.210.208.131  
DST=68.45.214.101 LEN=60 TOS=00 PREC=0x20 TTL=116 ID=40390 CE  
PROTO=UDP SPT=6346 DPT=6348 LEN=40
Aug 23 16:13:51 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=356  
TOS=00 PREC=0x00 TTL=64 ID=16000 PROTO=UDP SPT=67 DPT=68 LEN=336
Aug 23 16:13:51 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff: 
00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=356  
TOS=00 PREC=0x00 TTL=64 ID=16003 PROTO=UDP SPT=67 DPT=68 LEN=336
Aug 23 16:13:57 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=82.36.20.10  
DST=68.45.214.101 LEN=60 TOS=00 PREC=0x20 TTL=112 ID=28780 PROTO=UDP  
SPT=6346 DPT=6348 LEN=40

These requests come every 3-7 seconds.

First up is the Firehol Version information...

Package: firehol
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 792
Maintainer: Alexander Wirt <formorer at debian.org>
Architecture: all
Version: 1.231-2
Depends: iptables (>= 1.2.4), iproute, net-tools, bash (>= 2.04), bc
Recommends: modutils | module-init-tools, wget | curl
Conffiles:
/etc/init.d/firehol 7717da4dec6f986868eed7f80f9c73c1
/etc/firehol/firehol.conf 9864d4924f1f9a68dcfa4ee67961c812
/etc/default/firehol 642a7e3e4522810e37955949944ea980
Description: An easy to use but powerful iptables stateful firewall
Generates generic firewalls with an extremly simple but powerful
configuration language, enabling you to design any kind of local
or routing stateful packet filtering firewall with ease.

The files are getting big...

-rw-r-----  1 root adm  22M 2005-08-23 16:16 syslogemu.log
-rw-r-----  1 root adm  63M 2005-08-21 06:25 syslogemu.log.1
-rw-r-----  1 root adm  52M 2005-08-14 06:25 syslogemu.log.2
-rw-r-----  1 root adm  63M 2005-08-07 06:25 syslogemu.log.3
-rw-r--r--  1 root root 59M 2005-07-31 06:25 syslogemu.log.4

The reason why I'm so concerned is I think the constant logging is  
doing something to my network, causing congestion, especially on VoIP  
applications. Now the firehol.sh script I was using that came with  
the Debian install was from a pre-1.211 version of FireHOL says Costa.

Here is my firehol.conf : http://pastebin.ca/19665

Here is the output after running firehol in 'explain' mode: http:// 
pastebin.ca/19741

The conversation / thread between Costa and I can be found here :  
http://sourceforge.net/forum/forum.php?thread_id=1267867&forum_id=196547

PLEASE HELP!

Rick alias cougar
Software Developer / Computer Specialist
Personal Email: c0ugar7i8 at comcast.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20050823/e58da29d/attachment-0002.html>

More information about the Firehol-support mailing list