(Fake?) DHCP packets penetrating firewall

Hi

I am experiencing a strange problem (at least it seems strange to me ;)).

I have a server which has two NICs (eth0 = external, eth1 = internal) running kernel 2.4.18 and performing NAT. I use 10.0.1.x IPs in my internal net.
Recently a (fake?) DHCP-Server turned up somewhere (on the same broadband link, I use cable?) which sends me _a lot_ of DHCPOFFERS and the like _which I don't think I requested_ and (says it has?) a 10.x.x.x IP.
So I listed it in my dhclient.conf as "reject server". This seems to work because I can see log entries in /var/log/daemon.log (see attachment "daemon.txt").


So I went on and entered a rule in my iptables which (I thought) would keep those packets away from me. But no luck, I can see packets "hanging" in the rule (using iptables -v -L) but the log entries in /var/log/daemon.log keep showing up! So something is wrong with my rule, I thought, and closed everything, just to check (see attachment "fire.sh", my dummy firewall script, and "iptables?.txt").
And now the log entries _still appear_. WHY? I don't get it...


The attachments:
daemon.txt - tail of /var/log/daemon.log, these entries were created while the fire.sh ipchains were active
fire.sh - a cut-down version of my real firewall-script (just DROPs everything, I think)
iptables.txt - a $iptables -v -L while the fire.sh "firewall" was active
iptables2.txt - like iptables.txt, but a few seconds (10?) later



Can you help me? greenhorn


Attachment: daemon.txt
May 19 17:01:34 wgsurf dhclient-2.2.x: DHCPOFFER from 10.224.96.1 rejected.
May 19 17:01:34 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:01:35 wgsurf dhclient-2.2.x: DHCPOFFER from 10.224.96.1 rejected.
May 19 17:01:36 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:02:07 wgsurf last message repeated 5 times
May 19 17:02:07 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:02:17 wgsurf dhclient-2.2.x: DHCPOFFER from 10.224.96.1 rejected.
May 19 17:02:18 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:02:18 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:02:30 wgsurf dhclient-2.2.x: DHCPOFFER from 10.224.96.1 rejected.

Attachment: fire.sh
Description: Binary data

Attachment: iptables.txt
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   55  5382 drop-and-log-it  all  --  any    any     anywhere             anywhere           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 drop-and-log-it  all  --  any    any     anywhere             anywhere           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   282 drop-and-log-it  all  --  any    any     anywhere             anywhere           

Chain drop-and-log-it (3 references)
 pkts bytes target     prot opt in     out     source               destination         
   61  5664 LOG        all  --  any    any     anywhere             anywhere           LOG level warning 
   61  5664 DROP       all  --  any    any     anywhere             anywhere           

Attachment: iptables2.txt
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  289 25038 drop-and-log-it  all  --  any    any     anywhere             anywhere           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   39  2702 drop-and-log-it  all  --  any    any     anywhere             anywhere           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   11   628 drop-and-log-it  all  --  any    any     anywhere             anywhere           

Chain drop-and-log-it (3 references)
 pkts bytes target     prot opt in     out     source               destination         
  339 28368 LOG        all  --  any    any     anywhere             anywhere           LOG level warning 
  339 28368 DROP       all  --  any    any     anywhere             anywhere           
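An added diagnostic example, not part of the post or its attachments: the two symptoms are consistent with each other rather than contradictory. The iptables counters keep climbing between the two snapshots, so the DROP rules are doing their job for the IP stack. dhclient, however, receives DHCP replies through a raw packet socket on the interface, and packet sockets are handed a copy of every frame before netfilter's INPUT hook is reached, so its log keeps recording rejected offers no matter what the firewall does; the "reject server" log line is itself the useful detection signal for a rogue DHCP server on the segment. The script below parses both attachment formats: it counts rejections per server IP and message type while expanding syslog's "last message repeated N times" line, flags servers outside an expected set (the ISP's legitimate server address is a placeholder, since the post does not name it), and diffs the rule counters between the two `iptables -v -L` snapshots. All sample inputs are constructed from the lines quoted in the post.

```python
import re
from collections import Counter

# Constructed sample: dhclient-2.2.x lines as quoted in the post (host "wgsurf",
# unexpected server 10.224.96.1), including one syslog "repeated N times" line.
SAMPLE_LOG = """\
May 19 17:01:34 wgsurf dhclient-2.2.x: DHCPOFFER from 10.224.96.1 rejected.
May 19 17:01:34 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:01:35 wgsurf dhclient-2.2.x: DHCPOFFER from 10.224.96.1 rejected.
May 19 17:01:36 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:02:07 wgsurf last message repeated 5 times
May 19 17:02:07 wgsurf dhclient-2.2.x: DHCPACK from 10.224.96.1 rejected.
May 19 17:02:17 wgsurf dhclient-2.2.x: DHCPOFFER from 10.224.96.1 rejected.
"""

# Constructed sample: trimmed excerpts (INPUT and drop-and-log-it chains only)
# of the two `iptables -v -L` snapshots attached to the post.
IPTABLES_BEFORE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   55  5382 drop-and-log-it  all  --  any    any     anywhere             anywhere

Chain drop-and-log-it (3 references)
 pkts bytes target     prot opt in     out     source               destination
   61  5664 LOG        all  --  any    any     anywhere             anywhere           LOG level warning
   61  5664 DROP       all  --  any    any     anywhere             anywhere
"""
IPTABLES_AFTER = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  289 25038 drop-and-log-it  all  --  any    any     anywhere             anywhere

Chain drop-and-log-it (3 references)
 pkts bytes target     prot opt in     out     source               destination
  339 28368 LOG        all  --  any    any     anywhere             anywhere           LOG level warning
  339 28368 DROP       all  --  any    any     anywhere             anywhere
"""

TS = r"\w{3} +\d+ \d\d:\d\d:\d\d"
REJECT_RE = re.compile(
    TS + r" (?P<host>\S+) dhclient\S*: (?P<msg>DHCP[A-Z]+) from "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) rejected\.$"
)
REPEAT_RE = re.compile(TS + r" \S+ last message repeated (?P<n>\d+) times$")
CHAIN_RE = re.compile(r"^Chain (\S+) \(")
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)")  # pkts bytes target ...


def parse_rejections(log_text):
    """Count dhclient 'rejected' messages per (server IP, message type).

    Syslog collapses identical consecutive lines into 'last message repeated
    N times'; those N are credited to the immediately preceding rejection only.
    """
    counts = Counter()
    last = None
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            last = (m["ip"], m["msg"])
            counts[last] += 1
            continue
        r = REPEAT_RE.match(line)
        if r and last is not None:
            counts[last] += int(r["n"])
            continue
        last = None  # some other message; a later 'repeated' line refers to it
    return counts


def rogue_servers(counts, expected_servers):
    """Total rejections per server IP; return servers outside the expected set, busiest first."""
    per_ip = Counter()
    for (ip, _msg), n in counts.items():
        per_ip[ip] += n
    return [(ip, n) for ip, n in per_ip.most_common() if ip not in expected_servers]


def parse_counters(listing):
    """Map (chain, rule index) -> (packets, bytes) from `iptables -v -L` output."""
    counters, chain, idx = {}, None, 0
    for line in listing.splitlines():
        c = CHAIN_RE.match(line)
        if c:
            chain, idx = c.group(1), 0
            continue
        r = RULE_RE.match(line)
        if r and chain is not None:  # header line starts with 'pkts', so it never matches
            counters[(chain, idx)] = (int(r.group(1)), int(r.group(2)))
            idx += 1
    return counters


def counter_growth(before, after):
    """Rules whose packet counter moved between snapshots -> (delta pkts, delta bytes)."""
    return {
        k: (after[k][0] - before[k][0], after[k][1] - before[k][1])
        for k in after
        if k in before and after[k][0] != before[k][0]
    }


if __name__ == "__main__":
    rej = parse_rejections(SAMPLE_LOG)
    print("rejected by dhclient:", dict(rej))
    # 192.0.2.1 is a placeholder for the ISP's legitimate DHCP server (not in the post).
    print("unexpected servers:", rogue_servers(rej, expected_servers={"192.0.2.1"}))
    grew = counter_growth(parse_counters(IPTABLES_BEFORE), parse_counters(IPTABLES_AFTER))
    print("rules still counting between snapshots (DROP is in effect):", grew)
```

A growing drop counter together with a growing rejection log is the expected picture here; the check that would actually stop the noise is not another iptables rule but a policy on the link itself (the ISP's segment), since the frames reach the packet socket regardless. Keeping the "reject server" entry and alerting on the rejection rate per server IP is the defender's useful takeaway from this log.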
