[ previous ] [ next ] [ threads ]
 
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IGMP is filling up my Firewall Logs
 Date:  Sun, 12 Sep 2004 15:53:28 -0700 (PDT)
On Mon, 13 Sep 2004, Timothy Jans wrote:

> Ok, I think I discovered a bug and solved my problem :)

Depends on what you mean by "bug". :-)

> This is what I get with no explicit rule :
> 
> 23:46:19.930192 WAN  	81.83.76.1  	224.0.0.1  	IGMP
> 23:46:19.929921 WAN 	81.83.92.1 	224.0.0.1 	IGMP
> 23:46:19.929646 WAN 	81.83.32.1 	224.0.0.1 	IGMP
> 23:46:19.929361 WAN 	81.82.222.1 	224.0.0.1 	IGMP
> 23:46:19.929041 WAN 	81.165.144.1 	224.0.0.1 	IGMP
> 23:46:19.928769 WAN 	81.165.156.1 	224.0.0.1 	IGMP
> 23:46:19.928496 WAN 	10.74.0.1 	224.0.0.1 	IGMP
> 23:46:19.928239 WAN 	172.22.208.1 	224.0.0.1 	IGMP
> 
> This is what I get with an explicit non-logging rule for IGMP :
> 
> 23:50:29.966303 WAN  	10.74.0.1  	224.0.0.1  	IGMP
> 23:50:29.966047 WAN 	172.22.208.1 	224.0.0.1 	IGMP
> 
> You can clearly see that the 81.x.x.x are not logged anymore.
> The others are probably logged because they are private IP ranges.
> 
> When I now uncheck "block private networks" (Interfaces -> WAN) the
> firewall won't log any IGMP packet :)

That explains why I never had the problem - my only IGMP packets come
from my ISP's router.

If your "WAN" is in a context where private addresses are meaningful, then
the "block private networks" setting is clearly inappropriate.

If the private addresses are really in somebody else's private network,
then that seems like a bug in multicast routing, in which case the logging
is probably a "feature". :-) Note that IGMP packets are not supposed to be
forwarded.

The "block private networks" setting can always be accomplished with
explicit rules, in which case you can control the order.

					Fred Wright