[Firehol-support] Re: DHCP Log Messages - Please HELP!

cougar c0ugar7i8 at comcast.net
Wed Aug 24 06:02:38 BST 2005


On Aug 23, 2005, at 23:43 PM, Daniel Pittman wrote:

> cougar <c0ugar7i8 at comcast.net> writes:
>
>>> cougar <c0ugar7i8 at comcast.net> writes:
>>>
>>>
>>>> I've been using Firehol on Debian for 3-4 weeks and I'm deeply
>>>> troubled by this issue.
>>>>
>>>> I'm using ULOG for my logging. My syslogemu.log is filled up with the
>>>> following lines...
>>>>
>>>> Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT=
>>>> MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1
>>>> DST=255.255.255.255
>>>> LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68
>>>> LEN=335
>>>>
>>>>
>>>
>>> So, firehol logs all the DHCP broadcast messages to your logs.
>>>
>>> [...]
>>>
>>>
>>>
>>>> These requests come every 3-7 seconds.
>>>>
>>>>
>>>
>>> You might consider setting your DHCP server to have a longer timeout,
>>> or if eth1 is connected to your ADSL modem, just adding a 'client
>>> dhcp accept' statement and the '255.255.255.255/32' address as a
>>> valid target address on that interface.
>>>
>>
>> How do I do this exactly? My eth1 is in fact set up to grab an IP
>> automatically from my ISP, which is Comcast. My eth0 is set up to
>> distribute IPs to my local machines on my network.
>>
>
> Note:  you shouldn't need to specify the paths to the various tools in
> your firehol.conf file under Debian.  They just work out of the box...
>
> Anyway, just add a 'client dhcp accept' and a 'server dhcp drop'
> statement under 'interface eth1 ...' in the configuration file.

I had 'client all accept', shouldn't that take care of the 'client dhcp accept'?
I added the 'server dhcp drop' like you suggested and now I'm receiving these...

Aug 24 00:58:39 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1  
MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00  SRC=192.168.1.2  
DST=205.206.113.59 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=58867 CE  
PROTO=TCP SPT=57191 DPT=6346 SEQ=1555253119 ACK=1293108379  
WINDOW=65535 ACK URGP=0
Aug 24 00:58:43 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1  
MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00  SRC=192.168.1.2  
DST=24.167.32.158 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=58882 CE  
PROTO=TCP SPT=57202 DPT=6348 SEQ=2460209202 ACK=2667382575  
WINDOW=65535 ACK URGP=0
Aug 24 00:58:50 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=69.26.191.46  
DST=68.45.214.101 LEN=48 TOS=00 PREC=0x20 TTL=111 ID=53664 CE DF  
PROTO=TCP SPT=4502 DPT=6348 SEQ=3293779179 ACK=0 WINDOW=64240 SYN URGP=0
Aug 24 00:58:50 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=69.26.191.46  
DST=68.45.214.101 LEN=48 TOS=00 PREC=0x20 TTL=111 ID=54169 CE DF  
PROTO=TCP SPT=4502 DPT=6348 SEQ=3293779179 ACK=0 WINDOW=64240 SYN URGP=0
Aug 24 00:59:03 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1  
MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00  SRC=192.168.1.2  
DST=205.206.113.59 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=58905 CE DF  
PROTO=TCP SPT=57180 DPT=6346 SEQ=1289499906 ACK=747820362  
WINDOW=65535 ACK RST URGP=0
Aug 24 00:59:35 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1  
MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00  SRC=192.168.1.2  
DST=205.206.113.59 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=59239 CE DF  
PROTO=TCP SPT=57188 DPT=6346 SEQ=332099374 ACK=2996365120  
WINDOW=65535 ACK RST URGP=0
Aug 24 00:59:51 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=72.35.224.70  
DST=68.45.214.101 LEN=48 TOS=00 PREC=0x20 TTL=111 ID=10518 DF  
PROTO=TCP SPT=3098 DPT=6348 SEQ=3150681002 ACK=0 WINDOW=64240 SYN URGP=0
Aug 24 00:59:51 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=72.35.224.70  
DST=68.45.214.101 LEN=48 TOS=00 PREC=0x20 TTL=111 ID=10925 DF  
PROTO=TCP SPT=3098 DPT=6348 SEQ=3150681002 ACK=0 WINDOW=64240 SYN URGP=0
Aug 24 00:59:52 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=72.35.224.70  
DST=68.45.214.101 LEN=48 TOS=00 PREC=0x20 TTL=111 ID=11490 DF  
PROTO=TCP SPT=3098 DPT=6348 SEQ=3150681002 ACK=0 WINDOW=64240 SYN URGP=0
Aug 24 00:59:54 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1  
MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00  SRC=192.168.1.2  
DST=205.206.113.59 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=59434 CE DF  
PROTO=TCP SPT=57191 DPT=6346 SEQ=1555253120 ACK=1293108379  
WINDOW=65535 ACK RST URGP=0
Aug 24 00:59:58 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1  
MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00  SRC=192.168.1.2  
DST=24.167.32.158 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=59487 CE DF  
PROTO=TCP SPT=57202 DPT=6348 SEQ=2460209203 ACK=2667382575  
WINDOW=65535 ACK RST URGP=0

How do I stop these now? These are new since placing those 2 lines in my
configuration file.

Thanks for your help so far. I really appreciate it!

Cheers,

Rick
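
An added example, not part of the original post and not FireHOL code: a small Python triage script that parses log entries in the format quoted above and counts them by kind, interfaces and destination port, so it is clear which traffic each log prefix covers before any rule is changed. The sample input is four entries from the post unwrapped onto one line each; the category names are labels assumed for this example.

```python
import re
from collections import Counter

# Four entries from the post, unwrapped to one line each (sample input).
SAMPLE = """\
Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00 SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 24 00:58:39 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1 MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00 SRC=192.168.1.2 DST=205.206.113.59 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=58867 CE PROTO=TCP SPT=57191 DPT=6346 SEQ=1555253119 ACK=1293108379 WINDOW=65535 ACK URGP=0
Aug 24 00:58:50 mercury IN-world: IN=eth1 OUT= MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00 SRC=69.26.191.46 DST=68.45.214.101 LEN=48 TOS=00 PREC=0x20 TTL=111 ID=53664 CE DF PROTO=TCP SPT=4502 DPT=6348 SEQ=3293779179 ACK=0 WINDOW=64240 SYN URGP=0
Aug 24 00:59:03 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1 MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00 SRC=192.168.1.2 DST=205.206.113.59 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=58905 CE DF PROTO=TCP SPT=57180 DPT=6346 SEQ=1289499906 ACK=747820362 WINDOW=65535 ACK RST URGP=0
"""

# "<date> <host> <log prefix>: IN=..." ; the prefix may contain spaces.
HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (.*?): (IN=.*)$")
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

def parse(line):
    m = HEADER.match(line)
    if not m:
        return None  # not a packet log entry
    entry = {"prefix": m.group(1), "flags": []}
    for tok in m.group(2).split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            entry.setdefault(key, val)  # keep the first LEN (IP), not the UDP one
        elif tok in TCP_FLAGS:          # bare tokens such as "ACK RST" are flags
            entry["flags"].append(tok)
    return entry

def classify(e):
    """Category names are this example's own labels, not FireHOL terms."""
    proto, flags = e.get("PROTO"), e["flags"]
    if proto == "UDP" and (e.get("SPT"), e.get("DPT")) == ("67", "68"):
        return "dhcp-server-to-client"
    if proto == "TCP" and "SYN" not in flags:
        return "tcp-without-syn"
    if proto == "TCP" and flags == ["SYN"] and e.get("OUT") == "":
        return "inbound-syn"
    return "other"

def summarize(text):
    counts = Counter()
    for e in filter(None, map(parse, text.splitlines())):
        counts[(classify(e), e.get("IN"), e.get("OUT"), e.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```

Pass the contents of the real log file to summarize() in place of SAMPLE to get the same breakdown for the whole file.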



