[Firehol-support] Re: DHCP Log Messages - Please HELP!

cougar c0ugar7i8 at comcast.net
Wed Aug 24 18:43:24 BST 2005 

On Aug 24, 2005, at 02:22 AM, Daniel Pittman wrote:

> cougar <c0ugar7i8 at comcast.net> writes:
>
>> On Aug 23, 2005, at 23:43 PM, Daniel Pittman wrote:
>>
>>> cougar <c0ugar7i8 at comcast.net> writes:
>>>
>>>>> cougar <c0ugar7i8 at comcast.net> writes:
>>>>>
>
> [...]
>
>
>> I had 'client all accept', shouldn't that take care of the 'client
>> dhcp accept'?
>>
>
> Yes, probably. :)

Okay, well without 'client dhcp accept', I log those dhcp messages  
what I originally was logging.
Is this a BUG? Without the 'client dhcp accept', I am logging  
different messages.

Now I get messages like this...

Aug 24 13:37:10 mercury IN-world: IN=eth1 OUT= MAC= SRC=68.45.214.101  
DST=68.45.215.255 LEN=236 TOS=00 PREC=0x00 TTL=64 ID=230 DF PROTO=UDP  
SPT=138 DPT=138 LEN=216
Aug 24 13:39:00 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=221.208.208.194  
DST=68.45.214.101 LEN=499 TOS=00 PREC=0x20 TTL=44 ID=0 DF PROTO=UDP  
SPT=33112 DPT=1027 LEN=479
Aug 24 13:39:17 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=221.208.208.197  
DST=68.45.214.101 LEN=518 TOS=00 PREC=0x20 TTL=44 ID=0 DF PROTO=UDP  
SPT=33229 DPT=1026 LEN=498
Aug 24 13:39:17 mercury IN-world: IN=eth1 OUT=  
MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=221.208.208.197  
DST=68.45.214.101 LEN=518 TOS=00 PREC=0x20 TTL=44 ID=0 DF PROTO=UDP  
SPT=33229 DPT=1027 LEN=498

And of course, I get this when trying to do a dns search...

host 221.208.208.194
Host 194.208.208.221.in-addr.arpa not found: 3(NXDOMAIN)

>
>
>> I added the 'server dhcp drop' like you suggested and now I'm
>> receiving these...
>>
>> Aug 24 00:58:39 mercury NEW TCP w/o SYN: IN=eth0 OUT=eth1
>> MAC=00:03:47:77:3d:25:00:03:93:6d:97:d4:08:00  SRC=192.168.1.2
>> DST=205.206.113.59 LEN=40 TOS=00 PREC=0x00 TTL=63 ID=58867 CE
>> PROTO=TCP SPT=57191 DPT=6346 SEQ=1555253119 ACK=1293108379
>> WINDOW=65535 ACK URGP=0
>>
>
> If you just restarted your firewall, it must have forgotten the
> connections in progress.  These are TCP packets that are part of a
> running connection, but that conntrack doesn't recognise.
>
> They /should/ go away shortly, and the bittorrent system (if I don't
> miss my guess) should reconnect to those peers for you.

More information about the Firehol-support mailing list