This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ports 67 & 68 (DHCP)

I have defined a network of 0.0.0.0/255.255.255.255 for local broadcast traffic. I created a rule to allow from the outside these 2 ports, yet continue to get the following drops in my syslog:
kernel: UDP Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00[:D]0:58:7a:7c:54:08:00 SRC=stdhcp01.atl.mediaone.net DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=250 ID=13950 DF PROTO=UDP SPT=67 DPT=68 LEN=556

Any ideas?

This thread was automatically locked due to age.

Parents

0 eaustin over 23 years ago

Your subnet mask should be 0.0.0.0
Cancel
Vote Up 0 Vote Down

Cancel
0 Kenn over 23 years ago in reply to eaustin

Ok, how about the other direction? I get log entries for src [specific x.x.x.x/32] UDP 67, bcast UDP 68 from a specific source (dchp server). I created a rule to DROP all traffic to all destinations from this source, yet still see the logged packets. The default rule (all, all, all) is also drop. What am I doing wrong?
Cancel
Vote Up 0 Vote Down

Cancel
0 eaustin over 23 years ago in reply to Kenn

Are you referring to Astaro's logs? If so, do the logs report the packets as being dropped? They should.

Eric
Cancel
Vote Up 0 Vote Down

Cancel
0 Gert Hansen over 23 years ago in reply to eaustin

Hi there guys,

to remove broadcast packets from the log you have to add the net

global broadcast 255.255.255.255 255.255.255.255

and add a rule

Any Any global broadcast Drop

now these packets should not be logged anymore.

hope that helps
kind regards
gert
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 23 years ago in reply to Gert Hansen

Gert, that works.

BTW, I had tried:
any DHCP(67:68 67:68) any drop

and that didn't help.

Shouldn't ANY include 255.255.255.255/255.255.255.255 ?

Thanks,
Barry

[ 30 October 2001: Message edited by: barrygould ]
Cancel
Vote Up 0 Vote Down

Cancel
0 unkfrank12 over 23 years ago in reply to BarryG

Gert,
Thanks for the Broadcast tip. Been wondering how to get rid of those entries.
Frank
Cancel
Vote Up 0 Vote Down

Cancel
0 carlbackbone over 23 years ago in reply to unkfrank12

Hi Gert,
I implemented this method to stop the logging of
broadcast violations with no success:

quote:
to remove broadcast packets from the log you have to add the net
global broadcast 255.255.255.255 255.255.255.255
and add a rule
Any Any global broadcast Drop
now these packets should not be logged anymore.

The log entries continue from ports 138, 67, 68.
Any suggestions? I'm using version 2.016. THX
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 carlbackbone over 23 years ago in reply to unkfrank12

Hi Gert,
I implemented this method to stop the logging of
broadcast violations with no success:

quote:
to remove broadcast packets from the log you have to add the net
global broadcast 255.255.255.255 255.255.255.255
and add a rule
Any Any global broadcast Drop
now these packets should not be logged anymore.

The log entries continue from ports 138, 67, 68.
Any suggestions? I'm using version 2.016. THX
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 jlabs over 23 years ago in reply to carlbackbone

we also try to filter dhcp- Broadcast.

we defined a network broadcast32 255.255.255.255/255.255.255.255

and a rule any any Broadcast32 drop.

drop didn't work

can any body help us? labs@mfh-iserlohn.de
Cancel
Vote Up 0 Vote Down

Cancel