Thanks for your help on this one Chris! I was able to turn off the Plug-N-Play settings on the D-Link which eliminated the network chatter and the Firewall entries on the m0n0wall.

Thanks again! Greg

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Friday, March 18, 2005 8:56 AM
To: Greg Sims
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Version 1.1: Firewall Logging -- Entries Not In Subnet

On Fri, 18 Mar 2005 08:15:52 -0800, Greg Sims <greg at headingup dot net> wrote:
> Hi All,
>
> I'm reading through the Firewall Logs of a new installation to make
> sure it is stable. I found something interesting that I was not
> expecting and thought I would share it with the community.
>
> The 4801-50 based router is configured with LAN on 10.0.0.1/24, OPT1
> on 10.0.1.1/24 and WAN on a public IP. Here's a typical Firewall Log
> Entry:
>
> If: LAN
> Source: 192.168.0.1, port 1900
> Dest: 239.355.355.350, port 1900
> Proto: UDP
>
> I wonder why the LAN interface is seeing address 192.168.0.1 as it is
> not part of the LAN subnet.
>

Because the traffic is being sent to a multicast IP. m0n0wall will also drop and log broadcasts, even if they aren't on the same subnet as the LAN.

> The next entry in the log is very close in time and contains the same
> information but the interface is OPT1:
>
> If: OPT1
> Source: 192.168.0.1, port 1900
> Dest: 239.355.355.350, port 1900
> Proto: UDP
>

UDP 1900 and dst 239.255.255.250 (assuming a typo on the 3's) is MSN messenger broadcasts.

http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/Network/DisableWindowsMessengerbroadcastsonUDPport1900.html

-Chris
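
A way to triage log entries like the ones discussed in this thread, as an added example that is not part of the original messages and is not m0n0wall code. The tuple layout, the tag names and the last two sample entries are assumptions made for illustration; 239.255.255.250 on UDP 1900 is the SSDP (UPnP discovery) multicast group.

```python
import ipaddress

# Interface subnets as described in the thread (LAN 10.0.0.1/24, OPT1 10.0.1.1/24).
INTERFACES = {
    "LAN": ipaddress.ip_network("10.0.0.0/24"),
    "OPT1": ipaddress.ip_network("10.0.1.0/24"),
}
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample entries: (interface, source, dest, dest port, proto).
SAMPLE_LOG = [
    ("LAN", "192.168.0.1", "239.255.255.250", 1900, "UDP"),
    ("OPT1", "192.168.0.1", "239.355.355.350", 1900, "UDP"),  # typo kept as posted
    ("LAN", "10.0.0.23", "10.0.0.255", 138, "UDP"),
    ("LAN", "172.16.5.9", "8.8.8.8", 53, "UDP"),
]

def classify(iface, src, dst, dport, proto):
    """Return tags explaining why a blocked entry showed up on this interface."""
    net = INTERFACES[iface]
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return ["invalid-address"]  # e.g. an octet above 255: recheck the transcription
    tags = []
    if dst_ip.is_multicast:
        tags.append("multicast-dest")
        if dst_ip == SSDP_GROUP and dport == 1900 and proto == "UDP":
            tags.append("ssdp")
    elif dst_ip in (net.broadcast_address, LIMITED_BROADCAST):
        tags.append("broadcast-dest")
    if src_ip not in net:
        tags.append("source-off-subnet")
    return tags

def triage(log):
    """Pair every entry with its tags."""
    return [(entry, classify(*entry)) for entry in log]

if __name__ == "__main__":
    for entry, tags in triage(SAMPLE_LOG):
        print(entry, "->", ", ".join(tags))
```

An entry tagged only source-off-subnet, with a unicast destination, is not explained by multicast or broadcast chatter and points to a misaddressed or spoofing host on that segment.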