|
||||||||
Dont know if this is relevant to your problem, but 239.355.355.350 isnt a valid address. -----Original Message----- From: Greg Sims [mailto:greg at headingup dot net] Sent: 18 March 2005 16:16 To: Subject: [m0n0wall] Version 1.1: Firewall Logging -- Entries Not In Subnet Hi All, I'm reading through the Firewall Logs of a new installation to make sure it is stable. I found something interesting that I was not expecting and thought I would share it with the community. The 4801-50 based router is configured with LAN on 10.0.0.1/24, OPT1 on 10.0.1.1/24 and WAN on a public IP. Here's a typical Firewall Log Entry: If: LAN Source: 192.168.0.1, port 1900 Dest: 239.355.355.350, port 1900 Proto: UDP I wonder why the LAN interface is seeing address 192.168.0.1 as it is not part of the LAN subnet. The next entry in the log is very close in time and contains the same information but the interface is OPT1: If: OPT1 Source: 192.168.0.1, port 1900 Dest: 239.355.355.350, port 1900 Proto: UDP Again it is interesting that the OPT1 interface is seeing this packet given the source address (or destination) is not part of the OPT1 subnet. By the way, these entries are being generated by a D-Link router with LAN IP 192.168.0.1/24 that is connected to the same switch as LAN and OPT1 from the m0n0wall. Thanks in advance, Greg |