Hello,

If I set my network interface to have "logunclean" along with "dhcp,norfc1918,routefilter,noping,tcpflags", then when I connect to http://welcome.hp.com/country/us/eng/support.htm and choose any of the product I get this.

logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=14025 PROTO=UDP SPT=53 DPT=1025 LEN=60

If I change it to "dropunclean", then I get no connection only on this site and this log. Everything else is working OK.

badpkt:DROP:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=56877 PROTO=UDP SPT=53 DPT=1025 LEN=60
badpkt:DROP:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.52.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=237 ID=10138 PROTO=UDP SPT=53 DPT=1025 LEN=60

Is this a problem with my Shorewall, DNS, or this web site?
It does not happen on other sites that I visit.

I use Shorewall 1.3.14 on RH 8 kernel 2.4.18-24.8.0 with latest security patches applied.

Thank you in advance,
Alex.

--On Tuesday, February 25, 2003 12:38:56 PM -0800 Alex <a.polishchuk@usa.net> wrote:

> Hello,
>
> If I set my network interface to have "logunclean" along with
> "dhcp,norfc1918,routefilter,noping,tcpflags", then when I connect to
> http://welcome.hp.com/country/us/eng/support.htm and choose any of the
> product I get this.
>
> logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00
> SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239
> ID=14025 PROTO=UDP SPT=53 DPT=1025 LEN=60
>
> If I change it to "dropunclean", then I get no connection only on this
> site and this log. Everything else is working OK.
>
> badpkt:DROP:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00
> SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239
> ID=56877 PROTO=UDP SPT=53 DPT=1025 LEN=60
> badpkt:DROP:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00
> SRC=192.151.52.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=237
> ID=10138 PROTO=UDP SPT=53 DPT=1025 LEN=60
>
> Is this a problem with my Shorewall, DNS, or this web site?
> It does not happen on other sites that I visit.
>

It's the site itself. If you don't like the messages, turn them off...

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

--On Tuesday, February 25, 2003 01:17:08 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:

> It's the site itself. If you don't like the messages, turn them off...

Put another way, I think that the 'unclean' match support in NetFilter is not worth turning on and recommend against using it except possibly as a diagnostic aid.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
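
Added example, not part of the original thread or of Shorewall: a small Python triage script that parses log lines in the format quoted above and counts, per source address, the inbound UDP packets from source port 53 that the 'unclean' rule dropped. Treating UDP source port 53 as a DNS reply and renaming the second `LEN=` field to `UDP_LEN` are assumptions of this example.

```python
import re
from collections import Counter

# Log lines copied from the first message in this thread.
SAMPLE = """\
logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=14025 PROTO=UDP SPT=53 DPT=1025 LEN=60
badpkt:DROP:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=56877 PROTO=UDP SPT=53 DPT=1025 LEN=60
badpkt:DROP:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.52.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=237 ID=10138 PROTO=UDP SPT=53 DPT=1025 LEN=60
"""

# "<chain>:<ACTION>:IN=..."; search() tolerates a syslog prefix before the chain name.
LINE_RE = re.compile(r"(?P<chain>\w+):(?P<action>[A-Z]+):(?P<fields>IN=.*)")


def parse_line(line):
    """Return a dict of the fields in one log line, or None if it does not match."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for token in m["fields"].split():
        key, _, value = token.partition("=")
        # LEN occurs twice: the first is the IP total length, the second
        # the UDP length. Keep both under distinct keys.
        if key == "LEN" and "LEN" in rec:
            key = "UDP_LEN"
        rec[key] = value
    return rec


def dropped_dns_replies(text):
    """Count DROPped UDP packets with source port 53, keyed by source IP."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if (rec and rec["action"] == "DROP"
                and rec.get("PROTO") == "UDP" and rec.get("SPT") == "53"):
            hits[rec["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for src, count in dropped_dns_replies(SAMPLE).items():
        print(f"{src}: {count} dropped UDP/53 packet(s)")
```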