ipchains and DNS


scoobydope
03-21-2001, 11:20 AM
Mar 21 07:13:23 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.150:67 255.255.255.255:68 L=328 S=0x00 I=65030 F=0x4000 T=252 (#8)
Mar 21 07:13:32 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.150:67 255.255.255.255:68 L=328 S=0x00 I=65031 F=0x4000 T=252 (#8)
Mar 21 07:13:32 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.130:67 255.255.255.255:68 L=328 S=0x00 I=57823 F=0x4000 T=252 (#8)
Mar 21 07:13:49 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.150:67 255.255.255.255:68 L=328 S=0x00 I=65033 F=0x4000 T=252 (#8)
Mar 21 07:13:49 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.130:67 255.255.255.255:68 L=328 S=0x00 I=57825 F=0x4000 T=252 (#8)

odd.

I have set up ipchains successfully on my main box here, and am running a win98 box on the other side of the network which I have configured statically.

the lines for ipchains -A input are as follows:

########################################################################
# Ok, Incoming rules, set the default policy of reject (see above)
########################################################################

# $intint/$intnet are the internal interface and LAN range, $extint/$extip the
# external interface and its static address; all four are set earlier in the
# script (not shown here).

ipchains -F input
ipchains -P input REJECT

#then start up the real rules

#local interface, local machine, going anywhere is ok
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT


#remote interface, pretending to be the internal lan... fsck off.
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -j REJECT


#remote interface, any source, coming into my static IP, okey doke.
ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT


#loopback interface is valid
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT


#a catchall rule, everything left that happens is dropped and logged.
ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT


########################################################
# That's it for the input section, next is the output
########################################################

I enabled DNS on the win98 box and manually entered in my DNS server addresses.

The net connection works for both (not getting any DNS errors with browsing at all) but the /var/log/messages keeps filling up with these reports.
Any ideas?

[ 21 March 2001: Message edited by: scoobydope ]
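The log lines in the post above can be decoded mechanically. The following is an added example (not part of the thread, not the poster's script) in POSIX sh/awk: it reads ipchains "Packet log:" entries, groups them by flow, and flags the pattern the poster is seeing, UDP (PROTO=17) from port 67 to 255.255.255.255:68, which is a DHCP/BOOTP server answering a client by broadcast. The sample input is the poster's own five log lines; the second line in the test is a constructed TCP entry with TEST-NET addresses.

```shell
#!/bin/sh
# Added example (not from the thread): summarise ipchains "Packet log:" entries
# and flag the DHCP server broadcasts the poster is seeing.
#
# Field layout of an ipchains log line, after "kernel: Packet log:":
#   CHAIN TARGET IFACE PROTO=n SRC:SPORT DST:DPORT L=len S=tos I=id F=frag T=ttl (#rule)
# PROTO=17 is UDP. UDP 67 -> 68 sent to 255.255.255.255 is a DHCP/BOOTP server
# replying to a client that has no address yet, so it must broadcast.

# Sample input: the five lines from the poster's /var/log/messages excerpt.
sample_log() {
    cat <<'EOF'
Mar 21 07:13:23 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.150:67 255.255.255.255:68 L=328 S=0x00 I=65030 F=0x4000 T=252 (#8)
Mar 21 07:13:32 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.150:67 255.255.255.255:68 L=328 S=0x00 I=65031 F=0x4000 T=252 (#8)
Mar 21 07:13:32 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.130:67 255.255.255.255:68 L=328 S=0x00 I=57823 F=0x4000 T=252 (#8)
Mar 21 07:13:49 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.150:67 255.255.255.255:68 L=328 S=0x00 I=65033 F=0x4000 T=252 (#8)
Mar 21 07:13:49 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.130:67 255.255.255.255:68 L=328 S=0x00 I=57825 F=0x4000 T=252 (#8)
EOF
}

# classify_ipchains_line LINE -> prints dhcp-server-bcast | udp | tcp | icmp | other
classify_ipchains_line() {
    printf '%s\n' "$1" | awk '
    {
        proto = ""; src = ""; dst = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^PROTO=/) { proto = substr($i, 7); src = $(i + 1); dst = $(i + 2); break }
        split(src, s, ":"); split(dst, d, ":")
        if (proto == "17" && s[2] == "67" && d[1] == "255.255.255.255" && d[2] == "68")
            print "dhcp-server-bcast"
        else if (proto == "17") print "udp"
        else if (proto == "6")  print "tcp"
        else if (proto == "1")  print "icmp"
        else print "other"
    }'
}

# summarize_ipchains_log  (log on stdin)
# Prints "COUNT CHAIN TARGET IFACE PROTO=n SRC:SPORT -> DST:DPORT" per flow, busiest first.
summarize_ipchains_log() {
    awk '
    /Packet log:/ {
        for (i = 1; i <= NF; i++)
            if ($i == "log:") {
                key = $(i+1) " " $(i+2) " " $(i+3) " " $(i+4) " " $(i+5) " -> " $(i+6)
                count[key]++
                break
            }
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# dhcp_bcast_count  (log on stdin) -> number of logged DHCP server broadcasts
dhcp_bcast_count() {
    n=0
    while IFS= read -r line; do
        [ "$(classify_ipchains_line "$line")" = dhcp-server-bcast ] && n=$((n + 1))
    done
    echo "$n"
}

# Demo: group the sample and count the DHCP noise.
sample_log | summarize_ipchains_log
echo "DHCP server broadcasts logged: $(sample_log | dhcp_bcast_count)"
```

Run against a real file with `summarize_ipchains_log < /var/log/messages`; anything that dominates the top of the list with a 67 -> 255.255.255.255:68 signature is the ISP's DHCP server talking to other customers on the same segment, not a lookup problem on the win98 box.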

BigBlockMopar
03-30-2001, 03:22 PM
Originally posted by scoobydope:
Mar 21 07:13:23 s64-180-33-181 kernel: Packet log: input REJECT eth1 PROTO=17 209.53.4.150:67 255.255.255.255:68 L=328 S=0x00 I=65030 F=0x4000 T=252 (#8)


Well, first thought is that your destination address is 255.255.255.255. The destination address you specify in ipchains should be the IP address that your server has at that moment. And you should allow only to the ports you want, i.e. port 80 for webserving.

Further, if some l33t h4X0r is portscanning you, having ipchains set to REJECT means that your computer will send back a reply: "Sorry, port x is closed". l33t h4X0r, who might have only been looking for open Windows NetBIOS shares, will then know that your computer is up and running, and can explore you port-by-port if he so desires.

Better to set ipchains to DENY. That way, if someone portscans you on a closed port, they never even get a reply, and may even assume that your system is off.

Go to www.grc.com (http://www.grc.com) and follow the links for Shields Up! You'll get to have the grc.com servers do nasty things to your firewall. It's fun.

:)

Golden_Eternity
03-30-2001, 05:10 PM
Ports 67 and 68 are involved with BOOTP or DHCP. If you don't have a dynamic address, this is likely traffic from your ISP's routers.

If you don't use dhcp, just go ahead and block all traffic on 67 and 68.
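Putting the two replies together, here is an added example (not the poster's script and not code from either reply) that rebuilds the poster's input chain with DENY in place of REJECT, as BigBlockMopar suggests, and with an explicit rule for the DHCP server broadcasts, as Golden_Eternity suggests. ipchains evaluates rules in order and the first match wins, so the DHCP rule has to sit before the logging catch-all or the log keeps filling; the example prints the rules rather than applying them and includes a check for that ordering. Interface names, the LAN range and the external address are placeholders (eth0/eth1, 192.168.1.0/24, 203.0.113.10), and the optional `dhcp-client` mode is for a host that gets its own address by DHCP on the external interface, which the poster does not.

```shell
#!/bin/sh
# Added example (not the poster's script): the input chain from this thread
# with the two suggestions from the replies applied:
#  1. DENY instead of REJECT, so probes of closed ports get no reply at all;
#  2. a rule for DHCP/BOOTP server broadcasts (UDP 67 -> 255.255.255.255:68)
#     placed BEFORE the logging catch-all so they stop filling /var/log/messages.
# ipchains takes the first matching rule, so the position of rule 2 matters.
# Interfaces and addresses are placeholders supplied by the caller.

# build_input_chain EXTINT INTINT INTNET EXTIP [static|dhcp-client]
# Prints the ipchains commands on stdout; pipe through sh to apply them.
build_input_chain() {
    extint=$1; intint=$2; intnet=$3; extip=$4; mode=${5:-static}
    case $mode in
        static)
            # Static external address: drop the broadcasts silently, no -l, no reply.
            dhcp_rule="ipchains -A input -i $extint -p udp -s 0.0.0.0/0 67 -d 255.255.255.255/32 68 -j DENY" ;;
        dhcp-client)
            # This host leases its address on $extint: let server replies in.
            dhcp_rule="ipchains -A input -i $extint -p udp -s 0.0.0.0/0 67 -d 0.0.0.0/0 68 -j ACCEPT" ;;
        *)
            echo "build_input_chain: mode must be static or dhcp-client" >&2; return 1 ;;
    esac
    cat <<EOF
ipchains -F input
ipchains -P input DENY
# local interface, local machine, going anywhere is ok
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT
# remote interface pretending to be the internal lan
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -j DENY
# DHCP/BOOTP server traffic, handled here so the catch-all never logs it
$dhcp_rule
# remote interface, any source, to our own address
ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
# loopback interface is valid
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# catch-all: everything left is dropped silently (DENY) and logged (-l)
ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j DENY
EOF
}

# rule_position RULESET PATTERN -> 1-based line number of the first rule matching PATTERN
rule_position() {
    printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# dhcp_rule_before_catchall RULESET -> status 0 if the DHCP rule precedes the logging catch-all
dhcp_rule_before_catchall() {
    d=$(rule_position "$1" '-s 0.0.0.0/0 67 -d ')
    c=$(rule_position "$1" '-d 0.0.0.0/0 -l -j DENY')
    [ -n "$d" ] && [ -n "$c" ] && [ "$d" -lt "$c" ]
}

# Demo with placeholder values: eth1 external, eth0 internal, TEST-NET address.
ruleset=$(build_input_chain eth1 eth0 192.168.1.0/24 203.0.113.10)
printf '%s\n' "$ruleset"
dhcp_rule_before_catchall "$ruleset" && echo "OK: DHCP rule precedes the logging catch-all"
```

Apply with `build_input_chain eth1 eth0 192.168.1.0/24 203.0.113.10 | sh` after substituting real values. Dropping the packets without `-l` keeps them out of the log, while the catch-all still logs everything else that reaches it, so genuine probes remain visible.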