--On Monday, December 02, 2002 03:16:05 PM +0200 Quentin Tockar
<qtockar@global.co.za> wrote:
>
> Hi all,
>
> I am getting Event ID 8003 every 5 seconds on my NT4 server. After
> visiting JSI Faq it suggested I make sure that the router is not
> forwarding UDP Broadcasts. How would I accomplish this as I suspect
> shorewall is forwarding UDP Broadcasts as I am getting internal addresses
> appearing in the log on the External interface.
> Dec 2 09:28:33 firewall kernel: Shorewall:man1918:DROP:IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:02:a5:28:86:76:08:00 SRC=10.40.0.201
> DST=10.40.255.255 LEN=220 TOS=0x00 PREC=0x00 TTL=128 ID=37371 PROTO=UDP
> SPT=138 DPT=138 LEN=200
> Dec 2 09:28:37 firewall kernel: Shorewall:man1918:DROP:IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:10:b5:06:fb:e9:08:00 SRC=10.40.0.200
> DST=10.40.255.255 LEN=211 TOS=0x00 PREC=0x00 TTL=128 ID=45921 PROTO=UDP
> SPT=138 DPT=138 LEN=191
>
> Would the following be all I need?
>
> DROP loc fw udp 137,138
> DROP loc fw tcp 137,138

No.

The packets are being logged and dropped because they have an RFC 1918
destination address and you have specified 'norfc1918' on
eth0. Please see
FAQ 17 entitled "How do I find out why this is getting logged?"
(http://shorewall.sf.net/FAQ.htm#faq17). To suppress those messages, you
can:

a) Remove 'norfc1918' from eth0; or
b) Modify /etc/shorewall/rfc1918 to not log these broadcasts

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
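
The log lines in the question already name the chain and disposition that handled each packet. As an added example (not part of the original thread and not Shorewall's own code), the script below splits that prefix out and checks the addresses against the RFC 1918 ranges; the function names are hypothetical, and the sample input is the two lines from the question with the wrapped lines joined.

```python
import ipaddress
import re
# The two log lines from the question, with the wrapped lines joined.
SAMPLE_LOG = [
    "Dec 2 09:28:33 firewall kernel: Shorewall:man1918:DROP:IN=eth0 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:02:a5:28:86:76:08:00 SRC=10.40.0.201 "
    "DST=10.40.255.255 LEN=220 TOS=0x00 PREC=0x00 TTL=128 ID=37371 PROTO=UDP "
    "SPT=138 DPT=138 LEN=200",
    "Dec 2 09:28:37 firewall kernel: Shorewall:man1918:DROP:IN=eth0 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:10:b5:06:fb:e9:08:00 SRC=10.40.0.200 "
    "DST=10.40.255.255 LEN=211 TOS=0x00 PREC=0x00 TTL=128 ID=45921 PROTO=UDP "
    "SPT=138 DPT=138 LEN=191",
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Log prefix as it appears in the lines above: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")

def parse_line(line):
    """Split one kernel log line into chain, disposition and KEY=value fields."""
    m = PREFIX.search(line)
    if m is None:
        return None  # not a Shorewall-prefixed line
    fields = {}
    for token in m.group("rest").split():
        key, _, value = token.partition("=")
        fields.setdefault(key, value)  # LEN appears twice; keep the first (IP length)
    return {"chain": m.group("chain"), "disposition": m.group("disp"), "fields": fields}

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def explain(line):
    rec = parse_line(line)
    if rec is None:
        return None
    f = rec["fields"]
    return {
        "chain": rec["chain"],
        "disposition": rec["disposition"],
        "interface": f.get("IN"),
        "src_rfc1918": is_rfc1918(f["SRC"]),
        "dst_rfc1918": is_rfc1918(f["DST"]),
        "l2_broadcast": f.get("MAC", "").startswith("ff:ff:ff:ff:ff:ff"),
        "service": f"{f.get('PROTO')}/{f.get('DPT')}",
    }

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(explain(entry))
```

For both sample lines the summary shows chain man1918, disposition DROP, an RFC 1918 destination arriving on eth0 and an Ethernet broadcast destination MAC, which matches the explanation in the reply.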