Folks in this town have figured out that you can put an rfc1918 IP on two different cable modems and route between two branch offices as long as they are served by the same head-end controller.

So my logs are filling up with rfc1918 messages (mostly port 67 junk).

Is there any downside to changing the logdrop to DROP in the rfc1918 file?

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
On Wed, 31 Jul 2002, John Andersen wrote:

> Folks in this town have figured out that you can put an rfc1918 IP
> on two different cable modems and route between two branch offices
> as long as they are served by the same head-end controller.
>
> So my logs are filling up with rfc1918 messages (mostly port 67 junk).
>
> Is there any downside to changing the logdrop to DROP
> in the rfc1918 file?

Only that you don't see those annoying messages :-)

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
tom> On Wed, 31 Jul 2002, John Andersen wrote:

>> Folks in this town have figured out that you can put an rfc1918 IP
>> on two different cable modems and route between two branch offices
>> as long as they are served by the same head-end controller.
>>
>> So my logs are filling up with rfc1918 messages (mostly port 67 junk).
>>
>> Is there any downside to changing the logdrop to DROP
>> in the rfc1918 file?

tom> Only that you don't see those annoying messages :-)

I (in a university environment) see a lot of the port 67 stuff as well, but only with SRC=0.0.0.0 and DST=255.255.255.255. John, are your SRC/DST addresses the same as mine?

Are you two suggesting changing *all* the "logdrop"s to "DROP" in the "rfc1918" file, or only the line with 0.0.0.0/7?

-Kenneth
On 31 Jul 2002, Kenneth Jacker wrote:

> I (in a university environment) see a lot of the port 67 stuff as
> well, but only with SRC=0.0.0.0 and DST=255.255.255.255. John, are
> your SRC/DST addresses the same as mine?
>
> Are you two suggesting changing *all* the "logdrop"s to "DROP" in the
> "rfc1918" file, or only the line with 0.0.0.0/7?

Ken, in your case I might suggest just specifying 'dhcp' on your external interface.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
tom> On 31 Jul 2002, Kenneth Jacker wrote:

>> I (in a university environment) see a lot of the port 67 stuff as
>> well, but only with SRC=0.0.0.0 and DST=255.255.255.255. John, are
>> your SRC/DST addresses the same as mine?
>>
>> Are you two suggesting changing *all* the "logdrop"s to "DROP" in the
>> "rfc1918" file, or only the line with 0.0.0.0/7?

tom> Ken, in your case I might suggest just specifying 'dhcp' on
tom> your external interface.

Could you elaborate a bit? The documentation for the "interfaces" file states (in part):

    *dhcp* - The interface is assigned an IP address via DHCP or is
    used by a DHCP server running on the firewall.

The interface has a statically-assigned IP address (i.e., no DHCP). In addition, the FW machine does not run a DHCP server. [It is true, though, that many machines on campus (including most in my Dept) obtain their "network info" from DHCP servers ...]

It is not obvious to me why/how the "dhcp" option would help my situation.

I'm not disagreeing here, but just trying to better understand!

Thanks,
-Kenneth
On 31 Jul 2002, Kenneth Jacker wrote:

> Could you elaborate a bit? The documentation for the "interfaces"
> file states (in part):
>
>     *dhcp* - The interface is assigned an IP address via DHCP or is
>     used by a DHCP server running on the firewall.
>
> The interface has a statically-assigned IP address (i.e., no DHCP). In
> addition, the FW machine does not run a DHCP server. [It is true,
> though, that many machines on campus (including most in my Dept)
> obtain their "network info" from DHCP servers ...]
>
> It is not obvious to me why/how the "dhcp" option would help my situation.
>
> I'm not disagreeing here, but just trying to better understand!

Port 67 is one of the two ports used by DHCP -- I think what you are seeing are students who have their laptops configured for DHCP plugging those systems into your LAN segment. The packets that you reported in your previous post are consistent with that scenario...

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
On 31 Jul 2002 at 22:30, Kenneth Jacker wrote:

> I (in a university environment) see a lot of the port 67 stuff as
> well, but only with SRC=0.0.0.0 and DST=255.255.255.255. John, are
> your SRC/DST addresses the same as mine?
>
> Are you two suggesting changing *all* the "logdrop"s to "DROP" in the
> "rfc1918" file, or only the line with 0.0.0.0/7?
>
> -Kenneth

I see (saw, rather, as I no longer see it) sources such as 0.0.0.0, also 10.0.0.x, also various 192.168 and 172 subnets.

I had some martian source messages a while back too, but that was months ago and I can't remember what package issued those messages. That was back in my pre-Shorewall days.

Therefore, I set all rfc1918 to DROP. No ill effects noticed.

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
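A worked example added to this thread (it is not code from any of the posters or from Shorewall itself): a Python script that parses netfilter log lines carrying Shorewall's `Shorewall:<chain>:<disposition>:` prefix, classifies each hit, and shows which entries each of the two options discussed above would silence: turning every logdrop in the rfc1918 file into a plain DROP, versus putting the `dhcp` option on the external interface. The log lines, hostnames, addresses and MACs are constructed for the example; the DHCP broadcast pattern (SRC=0.0.0.0, DST=255.255.255.255, DPT=67) and the 10/192.168/172 sources are the ones reported in the thread. The model assumes the `dhcp` option's accept rule matches before the rfc1918 check, which is what Tom's suggestion implies.

```python
"""Classify Shorewall/netfilter log entries to see what a rule change would silence."""
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the "Shorewall:<chain>:<disposition>:" LOGFORMAT style.
# Hostnames, addresses, MACs and timestamps are made up for illustration.
SAMPLE_LOG = """\
Jul 31 22:30:01 fw kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:1a:2b:3c:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Jul 31 22:30:02 fw kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:4d:5e:6f:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Jul 31 22:30:03 fw kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:0c:29:7a:8b:9c:08:00 SRC=10.0.0.7 DST=10.0.0.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Jul 31 22:30:04 fw kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:0c:29:de:ad:01:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=1234 DF PROTO=TCP SPT=3344 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 31 22:30:05 fw kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:0c:29:be:ef:02:08:00 SRC=172.16.5.9 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=4321 DF PROTO=TCP SPT=1025 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 31 22:30:06 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:0c:29:ca:fe:03:08:00 SRC=198.51.100.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=777 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return chain/disposition plus the netfilter key=value fields, or None if no prefix."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    entry = dict(m.groupdict())
    for key, value in FIELD_RE.findall(line[m.end():]):
        entry.setdefault(key, value)  # keep the first LEN (IP header), ignore the UDP LEN
    return entry


def classify(entry):
    """Label one entry as a DHCP broadcast, other DHCP, an RFC 1918 source, or other."""
    src = ipaddress.ip_address(entry["SRC"])
    dst = ipaddress.ip_address(entry["DST"])
    is_dhcp = entry.get("PROTO") == "UDP" and entry.get("DPT") in ("67", "68")
    # The SRC=0.0.0.0 DST=255.255.255.255 DPT=67 pattern reported in the thread:
    # a client with no lease yet broadcasting for a DHCP server.
    if is_dhcp and src == ipaddress.ip_address("0.0.0.0") and dst == ipaddress.ip_address("255.255.255.255"):
        return "dhcp-broadcast"
    if is_dhcp:
        return "dhcp-other"
    if any(src in net for net in RFC1918):
        return "rfc1918-source"
    return "other"


def summarize(log_text):
    """Count (chain, category) pairs across a log."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            counts[(entry["chain"], classify(entry))] += 1
    return counts


def silenced_by(log_text, change):
    """
    Which logged entries stop appearing under each option from the thread.
    'drop-all'   : every logdrop in the rfc1918 file becomes a silent DROP.
    'dhcp-option': 'dhcp' on the external interface accepts DHCP traffic
                   (assumption: that accept rule matches before the rfc1918 check).
    Returns (silenced, still_logged) as lists of (chain, category).
    """
    silenced, kept = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        tag = (entry["chain"], classify(entry))
        if change == "drop-all":
            gone = entry["chain"] == "rfc1918"
        elif change == "dhcp-option":
            gone = tag[1] in ("dhcp-broadcast", "dhcp-other")
        else:
            raise ValueError(f"unknown change: {change}")
        (silenced if gone else kept).append(tag)
    return silenced, kept


if __name__ == "__main__":
    for (chain, category), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{chain:10s} {category:16s} {n}")
    for change in ("drop-all", "dhcp-option"):
        gone, kept = silenced_by(SAMPLE_LOG, change)
        print(f"{change}: silences {len(gone)}, still logged {len(kept)}")
```

On the constructed sample, `drop-all` silences every rfc1918-chain entry, including the two TCP hits from 192.168.1.20 and 172.16.5.9 that are not DHCP at all, while `dhcp-option` silences only the three DHCP entries and leaves those two RFC 1918-sourced hits in the log. That is the practical difference between the two suggestions in the thread: one removes the noise, the other removes the noise and the signal.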