What is up with this?

I am doing some initial testing and have my Astaro boxes WAN hooked into my LAN.  I only have the management NIC plugged into the network.

I noticed that I have 419 dropped DNS packets going to 192.36.148.17.

inetnum:      192.36.148.0 - 192.36.148.255
netname:      I-ROOTSERVER
descr:        Special net for DNS i.root-servers.net.
country:      SE

Why would it be dropping these?  In fact, why would it even see any DNS traffic on this interface since everything is on a switch?  Only my IPCOP box should be getting any DNS traffic.

I am also seeing blocks going out to Veri Sign.

OrgName:    VeriSign Global Registry Services
OrgID:      VGRS
Address:    21345 Ridgetop Circle
City:       Dulles
StateProv:  VA
PostalCode: 20166
Country:    US

NetRange:   192.58.128.0 - 192.58.128.255
CIDR:       192.58.128.0/24

And to my IPCOP box.

I am also seeing IGMP broadcast packets that are being blocked.  224.0.0.1.  I have no idea why I am seeing multicast packets!

What is going on? The blocked out IP is my IPCOP box.

C68

0 Coder68 over 16 years ago

It looks like most of the traffic that is being blocked is coming from my WAN NIC. But I do not have it physicaly connected. Why is the WAN NIC generating traffic?

2009:01:04-07:23:04 (none) ulogd[3198]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" seq="0" initf="unknown" outitf="unknown" dstmac="00:00:00:00:00:00" srcmac="mac" srcip="IP" dstip="192.112.36.4" proto="17" length="64" tos="0x00" prec="0x00" ttl="64" srcport="22864" dstport="53"

I changed the stuff in red...to protect the innocent! [:D]

C68

The DNS traffic could be due to system e-mails to my email address but are not being delivered. Since the WAN link is down. I will test this by hooking it up. But I wonder why it is blocking these DNS request. It does resolve my email domain, but has no route to host. So why is it blocking DNS request?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 BarryG over 16 years ago in reply to Coder68

Port 53 is DNS.
Astaro is trying to do DNS lookups.

Barry
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Coder68 over 16 years ago in reply to BarryG

Yeah, I know that. If Astaro is doing a DNS lookup, why is it blocking it's self??

C68
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 BarryG over 16 years ago in reply to Coder68

You said you have only the internal interface connected... Astaro is probably trying to do DNS through the external interface (assuming it's configured), hence the drops.

Barry
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Coder68 over 16 years ago in reply to BarryG

I did not expet it to show as dropped in the firewall. It gives the impression that the firewall blocked it and not that it failed to reach its destination.

I am going to be hooking up the other interface this weekend and doing my next stage of testing. I will see what happens then.

Thanks,

C68
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel