[ previous ] [ next ] [ threads ]
 
 From:  "Jewell, Michael" <mjewell at law dot umaryland dot edu>
 To:  "rh at ffpx dot de" <rh at ffpx dot de>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Signification of loggings
 Date:  Sat, 5 Feb 2011 23:34:32 -0500
From: rh at ffpx dot de [rh at ffpx dot de]
Sent: Thursday, February 03, 2011 6:00 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Signification of loggings

Hi,

I had last times some strange hangs of my firewall and now I managed
it to transfer logs via rsyslog. And would appreciate some opinion for
the following messages and If I am right or not:

Feb  3 05:46:40 roch.ring.ier dhclient: DHCPREQUEST on vr0 to
172.30.52.16 port 67
Feb  3 05:46:40 roch.ring.ier dhclient: DHCPACK from 172.30.52.16
Feb  3 05:46:40 roch.ring.ier dhclient: New Network Number: 78.43.44.0
Feb  3 05:46:40 roch.ring.ier dhclient: New Broadcast Address: 78.43.45.255
Feb  3 05:46:42 roch.ring.ier dhclient: bound to 78.43.44.128 --
renewal in 1603 seconds.
Feb  3 05:55:29 roch.ring.ier ipmon[108]: 05:55:29.759758 vr0 @0:17 b
78.43.239.20,1061 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 05:55:32 roch.ring.ier ipmon[108]: 05:55:32.759183 vr0 @0:17 b
78.43.239.20,1061 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 05:58:05 roch.ring.ier ipmon[108]: 05:58:04.412408 vr0 @0:17 b
78.43.34.203,4946 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 05:58:08 roch.ring.ier ipmon[108]: 05:58:07.335896 vr0 @0:17 b
78.43.34.203,4946 -> 78.43.44.128,135 PR tcp len 20 64 -S IN
Feb  3 06:12:42 roch.ring.ier ipmon[108]: 06:12:42.535566 vr0 @0:17 b
114.141.2.77,24354 -> 78.43.44.128,22 PR tcp len 20 48 -S IN
Feb  3 06:13:25 roch.ring.ier dhclient: DHCPREQUEST on vr0 to
172.30.52.16 port 67
Feb  3 06:13:25 roch.ring.ier dhclient: DHCPACK from 172.30.52.16

IN my opinion the leases of DHCP-Server of my provider are only in the
range of about 30 Minutes here given in seconds. But what about the
ipmon-Messages? I saw in the Internet some remarks about ipmon what is
surveilling the ip-Adresses - But it was not really good explained and
I didnt understand really..

Thanks in advance for Your replay

Ralf
________________________________________

probably a 1hr lease.  I'm not sure about m0n0,  but Windows default behavior is to try to renew a
lease when it's half way through.  I would imagine m0n0 follows the same practice.

-Mike