[ previous ] [ next ] [ threads ]
 
 From:  rh at ffpx dot de
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Signification of loggings
 Date:  Fri, 04 Feb 2011 00:00:03 +0100 
Hi,

I had last times some strange hangs of my firewall and now I managed  
it to transfer logs via rsyslog. And would appreciate some opinion for  
the following messages and If I am right or not:

Feb  3 05:46:40 roch.ring.ier dhclient: DHCPREQUEST on vr0 to  
172.30.52.16 port 67
Feb  3 05:46:40 roch.ring.ier dhclient: DHCPACK from 172.30.52.16
Feb  3 05:46:40 roch.ring.ier dhclient: New Network Number: 78.43.44.0
Feb  3 05:46:40 roch.ring.ier dhclient: New Broadcast Address: 78.43.45.255
Feb  3 05:46:42 roch.ring.ier dhclient: bound to 78.43.44.128 --  
renewal in 1603 seconds.
Feb  3 05:55:29 roch.ring.ier ipmon[108]: 05:55:29.759758 vr0 @0:17 b  
78.43.239.20,1061 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 05:55:32 roch.ring.ier ipmon[108]: 05:55:32.759183 vr0 @0:17 b  
78.43.239.20,1061 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 05:58:05 roch.ring.ier ipmon[108]: 05:58:04.412408 vr0 @0:17 b  
78.43.34.203,4946 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 05:58:08 roch.ring.ier ipmon[108]: 05:58:07.335896 vr0 @0:17 b  
78.43.34.203,4946 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 06:12:42 roch.ring.ier ipmon[108]: 06:12:42.535566 vr0 @0:17 b  
114.141.2.77,24354 -> 78.43.44.128,22 PR tcp len 20 48 -S IN
Feb  3 06:13:25 roch.ring.ier dhclient: DHCPREQUEST on vr0 to  
172.30.52.16 port 67
Feb  3 06:13:25 roch.ring.ier dhclient: DHCPACK from 172.30.52.16

IN my opinion the leases of DHCP-Server of my provider are only in the  
range of about 30 Minutes here given in seconds. But what about the  
ipmon-Messages? I saw in the Internet some remarks about ipmon what is  
surveilling the ip-Adresses - But it was not really good explained and  
I didnt understand really..

Thanks in advance for Your replay

Ralf