[7.921][QUESTION][OPEN] PacketFilter drops DNS from Internet IP?

I have close to 10000 DNS packets dropped per day, but they seem to come from my Internet IP and go out to the Internet... which I don't understand.

I have rules set to allow my local network to do DNS to any network.

My cable modem is connected to ETH0.

I get these: the source is always my Internet IP, and the destinations seem to be a set of about 20 that repeat over and over. I found my ISP's DNS server in the set...

My Internet works fine and resolves well. And if I go on Astaro, inside Tools, I am also able to resolve DNS there...

Anyone have an idea?

2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:15:5d:1:a:11" srcip="MY_INTERNET_IP" dstip="192.5.5.241" proto="17" length="83" tos="0x00" prec="0x00" ttl="64" srcport="14845" dstport="53" 
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:15:5d:1:a:11" srcip="MY_INTERNET_IP" dstip="192.112.36.4" proto="17" length="83" tos="0x00" prec="0x00" ttl="64" srcport="10903" dstport="53" 
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:15:5d:1:a:11" srcip="MY_INTERNET_IP" dstip="128.63.2.53" proto="17" length="83" tos="0x00" prec="0x00" ttl="64" srcport="43979" dstport="53" 
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:15:5d:1:a:11" srcip="MY_INTERNET_IP" dstip="192.36.148.17" proto="17" length="83" tos="0x00" prec="0x00" ttl="64" srcport="51336" dstport="53" 
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:15:5d:1:a:11" srcip="MY_INTERNET_IP" dstip="192.58.128.30" proto="17" length="83" tos="0x00" prec="0x00" ttl="64" srcport="51080" dstport="53" 
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:15:5d:1:a:11" srcip="MY_INTERNET_IP" dstip="193.0.14.129" proto="17" length="83" tos="0x00" prec="0x00" ttl="64" srcport="54423" dstport="53" 

    It may mean nothing but has anyone noticed that these are all Root Server addresses in x-cimo's log?
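
One way to check that observation across a full day of drops, as an added example that is not part of the original thread: the script parses the `key="value"` fields of the packetfilter lines, counts dropped UDP/53 packets per destination, and tags root name servers. The root-server letters, the `initf` field name for an inbound interface, and the two lines marked as constructed are additions made for this example.

```python
import re
from collections import Counter

# Root name server IPv4 addresses seen in the thread's log, with their letter
# (f.root-servers.net etc.); 128.63.2.53 was H's address at the time (2010).
ROOT_SERVERS = {
    "192.5.5.241": "F", "192.112.36.4": "G", "128.63.2.53": "H",
    "192.36.148.17": "I", "192.58.128.30": "J", "193.0.14.129": "K",
}
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Sample input: first three lines abridged from the post; the last two are
# constructed (a forwarded DNS drop and a non-DNS drop) to exercise the filter.
SAMPLE_LOG = """\
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" sub="packetfilter" action="drop" fwrule="60003" outitf="eth0" srcip="MY_INTERNET_IP" dstip="192.5.5.241" proto="17" srcport="14845" dstport="53"
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" sub="packetfilter" action="drop" fwrule="60003" outitf="eth0" srcip="MY_INTERNET_IP" dstip="192.112.36.4" proto="17" srcport="10903" dstport="53"
2010:06:10-17:45:22 plasmashield ulogd[3761]: id="2001" sub="packetfilter" action="drop" fwrule="60003" outitf="eth0" srcip="MY_INTERNET_IP" dstip="128.63.2.53" proto="17" srcport="43979" dstport="53"
2010:06:10-17:45:23 plasmashield ulogd[3761]: id="2001" sub="packetfilter" action="drop" fwrule="1" initf="eth1" outitf="eth0" srcip="192.168.1.50" dstip="203.0.113.9" proto="17" srcport="40000" dstport="53"
2010:06:10-17:45:24 plasmashield ulogd[3761]: id="2001" sub="packetfilter" action="drop" fwrule="1" initf="eth0" srcip="198.51.100.7" dstip="MY_INTERNET_IP" proto="6" srcport="40001" dstport="445"
"""

def summarize_dns_drops(log_text):
    """Count dropped UDP/53 packets per destination and tag root servers."""
    per_dst = Counter()
    no_initf = 0
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if (f.get("action"), f.get("proto"), f.get("dstport")) != ("drop", "17", "53"):
            continue
        per_dst[f.get("dstip", "?")] += 1
        # An outbound interface with no inbound interface recorded, as in
        # every line of the post (assumes inbound is logged as initf).
        if "outitf" in f and "initf" not in f:
            no_initf += 1
    to_root = sum(n for ip, n in per_dst.items() if ip in ROOT_SERVERS)
    by_dst = {ip: (n, ROOT_SERVERS.get(ip, "-")) for ip, n in per_dst.items()}
    return {"total": sum(per_dst.values()), "to_root": to_root,
            "no_initf": no_initf, "by_dst": by_dst}

if __name__ == "__main__":
    result = summarize_dns_drops(SAMPLE_LOG)
    print(f"{result['to_root']}/{result['total']} dropped DNS packets go to root servers; "
          f"{result['no_initf']} have no inbound interface recorded")
    for ip, (count, letter) in sorted(result["by_dst"].items()):
        print(f"  {ip:<16} {count:>5}  root={letter}")
```
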