[Firewall] (1.8.8o) DSL modem doing DHCP: broadcasts are blocked

d9s9e-aif at yahoo.de d9s9e-aif at yahoo.de
Thu Mar 5 18:10:30 CET 2009


Sorry, been busy...

Anyway, MODEM_IF="eth1", MODEM_IP not set (the Modem ought to do DHCP) and the cases are:

A) MODEM_INTERNAL_NET is set, MODEM_IF_IP not

Generated Rules:
-A INPUT -i eth1 -j ACCEPT 
-A INPUT -i eth1 -m limit --limit 1/sec -j LOG --log-prefix "Dropped MODEM packet: " --log-level 6 
-A INPUT -i eth1 -j DROP 

-> No Log message

B) Both set (MODEM_IF_IP="XXX.XXX.XXX.XXX")

Rules:
-A INPUT -d XXX.XXX.XXX.XXX/32 -i eth1 -j ACCEPT 
-A INPUT -i eth1 -m limit --limit 1/sec -j LOG --log-prefix "Dropped MODEM packet: " --log-level 6 
-A INPUT -i eth1 -j DROP 

-> Log messages:

Dropped MODEM packet: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:XX:XX:XX:XX:XX:XX:XX:XX SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=556 

Does this help?

Dirk.


--- Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl> wrote on Mon, 23.2.2009:

> From: Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>
> Subject: Re: [Firewall] (1.8.8o) DSL modem doing DHCP: broadcasts are blocked
> To: d9s9e-aif at yahoo.de, "Arno's IPTABLES firewall script" <firewall at rocky.eld.leidenuniv.nl>
> Date: Monday, 23 February 2009, 20:45
> 
> Could you please provide a snippet of the log showing the problem? Fixing it should be trivial in that way....
> 
> a.
> 
> d9s9e-aif at yahoo.de wrote:
> > Hi,
> > 
> > I have version 1.8.8o installed (from Debian Lenny) and my modem is trying to do DHCP using the broadcast address 255.255.255.255 but the firewall blocks it (Dropped MODEM packet). I'd like to use the MODEM_IF_IP and MODEM_INTERNAL_NET settings (which cause this 'problem') because providers already had misconfigured their stuff so you could eventually see your neighbours' PCs on the DSL interface.
> > 
> > If you could consider this case in some future version, I'd be grateful.
> > 
> > Thanks,
> > Dirk.
> 
> -- Arno van Amersfoort
> 
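Added example, not part of the original messages and not code from Arno's script: a small first-match model of the two INPUT rule sets quoted above, run against the logged packet, showing why case A accepts the DHCP broadcast while case B logs and drops it. The address 192.0.2.2 stands in for the masked MODEM_IF_IP, and the extra DHCP rule is an assumed narrow exception, not something the script is known to generate.

```python
import re

# Log line from the post above (MAC bytes masked as in the post).
LOG_LINE = ('Dropped MODEM packet: IN=eth1 OUT= '
            'MAC=ff:ff:ff:ff:ff:ff:XX:XX:XX:XX:XX:XX:XX:XX SRC=0.0.0.0 '
            'DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 '
            'PROTO=UDP SPT=68 DPT=67 LEN=556')
MODEM_IF_IP = "192.0.2.2"  # constructed stand-in for the masked XXX.XXX.XXX.XXX

def parse_log(line):
    """Extract KEY=value fields from a netfilter LOG line (first occurrence wins)."""
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields

def verdict(rules, pkt):
    """First-match walk of a chain; LOG records the packet but does not end the walk."""
    logged = False
    for rule in rules:
        if all(pkt.get(k) == v for k, v in rule.items() if k != "target"):
            if rule["target"] == "LOG":
                logged = True
                continue
            return rule["target"], logged
    return "POLICY", logged

# Case A and case B from the post (the 1/sec limit on the LOG rule is not modelled).
CASE_A = [{"IN": "eth1", "target": "ACCEPT"},
          {"IN": "eth1", "target": "LOG"},
          {"IN": "eth1", "target": "DROP"}]
CASE_B = [{"IN": "eth1", "DST": MODEM_IF_IP, "target": "ACCEPT"}] + CASE_A[1:]
# Assumed exception, not generated by the script: accept only the DHCP
# broadcast seen in the log (UDP 68 -> 67 to 255.255.255.255 on eth1).
DHCP_BCAST = {"IN": "eth1", "DST": "255.255.255.255", "PROTO": "UDP",
              "SPT": "68", "DPT": "67", "target": "ACCEPT"}
CASE_B_WITH_DHCP = [CASE_B[0], DHCP_BCAST] + CASE_B[1:]

if __name__ == "__main__":
    pkt = parse_log(LOG_LINE)
    for name, chain in (("A", CASE_A), ("B", CASE_B), ("B + DHCP", CASE_B_WITH_DHCP)):
        print(name, verdict(chain, pkt))
```

The exception matches on interface, destination, protocol and both ports, so other traffic on eth1 that is not addressed to MODEM_IF_IP still reaches the LOG and DROP rules.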


      

