LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-27-2016, 03:07 PM   #1
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
firewall keeps blocking connection attempts (from router?)


i have 2 machines hooked up to a cisco EPC3828D router.
both are running the uncomplicated firewall (ufw), and its log constantly (about 1/s) throws messages about blocked connection attempts, with ip addresses from all over the world.

both ufw's are set up to allow outgoing and deny incoming.

all incoming traffic is disabled on the router.

then i remembered that the router has an inbuilt dhcp server, and i disabled that - but the connection attempts don't stop!
only now most of them (not all!) seem to be coming from the router itself(192.168.0.1):
Code:
[ 2732.269185] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 2858.309086] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 2984.339022] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3110.368968] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3133.124332] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=82.24.169.49 DST=192.168.0.10 LEN=131 TOS=0x00 PREC=0x00 TTL=111 ID=21586 PROTO=UDP SPT=27698 DPT=54186 LEN=111 
[ 3236.398881] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3362.428756] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3488.468647] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3614.498567] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3740.528462] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3866.558384] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 3992.588314] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 4118.628188] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 4244.658083] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 4370.687993] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 4496.717887] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 4622.747804] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 4668.666563] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.177.36.186 DST=192.168.0.10 LEN=129 TOS=0x00 PREC=0x00 TTL=46 ID=63937 PROTO=UDP SPT=6889 DPT=54186 LEN=109 
[ 4748.787643] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 4874.817582] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5000.847440] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5126.877346] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5252.907219] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5378.947084] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5504.976980] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5631.006858] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5742.964978] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=50.4.166.211 DST=192.168.0.10 LEN=77 TOS=0x00 PREC=0x00 TTL=116 ID=28681 PROTO=UDP SPT=16983 DPT=48685 LEN=57 
[ 5757.036734] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 5883.066622] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 6009.106534] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 6135.136360] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 6261.166220] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 6387.196124] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 6391.151793] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=28764 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6391.155953] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=28770 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6391.163346] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=28779 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6391.172107] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=28789 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6391.180548] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=28799 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6391.188641] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=28809 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6391.196844] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=28819 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6403.137267] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=30994 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6403.145040] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=31003 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6408.091899] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=92.113.42.118 DST=192.168.0.10 LEN=145 TOS=0x00 PREC=0x00 TTL=113 ID=31902 PROTO=UDP SPT=49001 DPT=48685 LEN=125 
[ 6513.225966] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
[ 6614.199086] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=50.4.166.211 DST=192.168.0.10 LEN=77 TOS=0x00 PREC=0x00 TTL=116 ID=28682 PROTO=UDP SPT=16983 DPT=48685 LEN=57 
[ 6639.265889] [UFW BLOCK] IN=eth0 OUT= MAC=nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
i only changed the mac addresses (2 different addresses).

wth is going on?
i thought i told the router to not allow any incoming traffic to come through to the machines?
no port forwarding, no port triggering. no upnp, no dmz, no fancy stuff at all.

i am browsing the web and listening to music, but that shouldn't be interpreted as incoming requests?

how are they getting through the router to my computer?

i need a sanity check here, at the very least.
or maybe it is time to panic.

incidentally, i wonder if i can tell ufw to log to a file.
it's flooding the console on my non-gui machine.

Last edited by ondoho; 06-27-2016 at 03:12 PM.
 
Old 06-28-2016, 08:57 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Have you seen https://en.wikipedia.org/wiki/Multicast ?

I tried blocking this "noise" once, and failed.
Learned to live with it.
 
Old 06-28-2016, 11:10 AM   #3
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
Might want to look into log limiting so your logs do not fill up with the same information.
 
Old 07-12-2016, 07:55 AM   #4
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872

Original Poster
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
yes, it seems to be harmless.

Quote:
Originally Posted by ondoho View Post
incidentally, i wonder if i can tell ufw to log to a file.
it's flooding the console on my non-gui machine.
i found a solution for that.
had to edit a file in /etc to disable logging to console. systemwide, not for ufw only.
i just took 5min to find that file, and couldn't.
sorry, i did this 2 weeks ago just before leaving on holiday.
if i remember, i will post it.

ufw is still filling the journal.

i edited /etc/journald.conf to limit the journal size, i hope it works as expected on debian stable (transition from initv to systemd?).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote connection to webserver trough router/firewall/nat rspock Linux - Embedded & Single-board computer 1 11-09-2013 07:47 PM
[SOLVED] iptables not blocking ssh attempts padeen Linux - Networking 1 04-17-2013 11:46 PM
ADSL modem/router firewall blocking legitimate traffic? catkin Linux - Networking 1 01-07-2011 01:00 PM
Multiple Internet Connection Firewall/Router - 1 Server 4 NICs luke1_28 Linux - Networking 6 03-25-2010 07:06 AM
How to setup RH9.0 as firewall/router to share internet connection iel Linux - Networking 3 03-04-2004 02:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration