[Firehol-support] Odd OUT-unknown messages

Marcus Williams marcus at quintic.co.uk
Thu Dec 1 11:49:40 GMT 2005

Hi -

I am seeing a lot of OUT-unknown tagged logs (blocked by the firewall) 
which are effecting network connectivity on my network as these tend to 
be dns requests strangely. My firehol.conf file is:

version 5

# The network of our eth0 LAN.

server_ignored_ports="udp/712 tcp/135 udp/135 tcp/137 udp/137 tcp/138 
udp/138 tcp/139 udp/139 tcp/445 udp/445"

interface eth0 dhcp
   policy return
   server dhcp accept

interface eth0 home src "${home_ips}"
   policy reject
   server "dns ssh icmp" accept
   server "ignored" drop
   client "dns icmp" accept

interface eth1 internet src not "${home_ips} ${UNROUTABLE_IPS}"
   server ident reject with tcp-reset
   client all accept

router internet2home inface eth1 outface eth0
   masquerade reverse
   client all accept
   server ident reject with tcp-reset

So I've a small network on 192.168.202.x which this machine is on 
(eth0). eth1 is the ADSL router facing interface (which picks up its IP via DHCP). The ADSL router is

Is there anyway to track down where these are coming from? (Actually I'm 
guessing there from dnsmasq, my dns cache & DHCP server - but why do 
they end up going down the "unknown" interface?)


Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK

More information about the Firehol-support mailing list