On 11/11/06, Dennis Karlsson <dennis at denniskarlsson dot com> wrote:
>
> Why do I see this in the firewall log;
>
> 19:48:53.644885 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
> 19:48:43.644353 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
> 19:48:33.644097 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
> 19:48:23.643498 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
>
> I have these IP addresses;
>
> 195.67.152.190 - WAN IP address
> 192.168.1.1 - LAN IP address
>
> Should I even see broadcast from another net?
>
No, you shouldn't, but that doesn't mean you won't. Your ISP
obviously has multiple subnets on the same broadcast domain, which is
a no-no. UDP 123 is NTP, so that host is broadcasting for a time
server. Its subnet is likely a /24 since .255 is its broadcast, so it
should be off your subnet and not something you should see.
But it's just something you'll have to live with. It's extremely
unlikely you'll be able to convince your ISP to change their ways, and
personally I wouldn't even try. If you want to get the noise out of
your log, you can add a non-logging block rule to your WAN for NTP.
-Chris
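
An added example, not part of the original thread: a Python check over the four quoted log lines that finds which prefix lengths make the destination the source's directed broadcast address, and confirms the quoted WAN address is outside those subnets. The field layout in the regex is assumed from the quoted lines only; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Log lines and WAN address are the ones quoted in the message above.
LOG = """\
19:48:53.644885 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
19:48:43.644353 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
19:48:33.644097 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
19:48:23.643498 WAN 149.49.32.134, port 1030 149.49.32.255, port 123 UDP
"""
WAN_IP = "195.67.152.190"
# Assumption: field layout inferred from the four quoted lines only.
LINE = re.compile(r"^(\S+) (\S+) (\S+), port (\d+) (\S+), port (\d+) (\S+)$")

def broadcast_prefixes(src, dst, candidates=range(8, 31)):
    """Prefix lengths for which dst is the directed broadcast of src's subnet."""
    target = ipaddress.ip_address(dst)
    return [p for p in candidates
            if ipaddress.ip_network(f"{src}/{p}", strict=False).broadcast_address == target]

def classify(line, wan_ip=WAN_IP):
    """Parse one log line; flag broadcasts for a subnet the WAN address is not in."""
    m = LINE.match(line.strip())
    if not m:
        return None
    _, iface, src, _, dst, dport, proto = m.groups()
    plens = broadcast_prefixes(src, dst)
    wan = ipaddress.ip_address(wan_ip)
    ours = any(wan in ipaddress.ip_network(f"{src}/{p}", strict=False) for p in plens)
    return {"iface": iface, "src": src, "dst": dst, "proto": proto, "dport": int(dport),
            "prefixes": plens, "foreign_broadcast": bool(plens) and not ours}

def summarize(log, wan_ip=WAN_IP):
    """Count foreign-broadcast entries per (protocol, destination port)."""
    hits = Counter()
    for line in log.splitlines():
        rec = classify(line, wan_ip)
        if rec and rec["foreign_broadcast"]:
            hits[(rec["proto"], rec["dport"])] += 1
    return dict(hits)

if __name__ == "__main__":
    print(broadcast_prefixes("149.49.32.134", "149.49.32.255"))
    print(summarize(LOG))
```

The per-port summary shows which protocol and port a non-logging block rule on WAN would need to match to silence these entries.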