broadcast

Hi!

I have FreeBSD 13.1-RELEASE-p5 and I have in rc.conf:
Code:
# lagg
cloned_interfaces="lagg0"
wlans_iwm0="wlan0"
create_args_wlan0="wlanaddr 00:2b:67:05:75:7f country US"
ifconfig_re1="up"
ifconfig_wlan0="WPA"
ifconfig_lagg0="up laggproto failover laggport re1 laggport wlan0 DHCP"
I am using the ipfw firewall, default type "workstation". And the "problem" is that if I am using wifi then I get this in the firewall logs:
Code:
kernel: ipfw: 65500 Deny UDP 192.168.1.1:44454 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:46079 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:49766 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:59785 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:59546 239.255.255.250:1900 in via lagg0
...

but when using Ethernet I do not get those logs. It is the same if I use just wlan0.

Thank you and Happy New Year.
 
Short answer is yes.
IPFW works by matching the rules as defined. In your Ethernet DHCP and your WiFi DHCP it is typical for the WiFi router to provide a different IP range from your Ethernet range. You should examine the existing rules in IPFW to see if the addresses provided by the WiFi router are permitted. You can quickly list the existing firewall rules by entering
Code:
 ipfw list
 
Hi fernandel,
this is in my /etc/rc.conf with the line numbers of an editor.
Code:
...
 19 # LAGG
 20 ifconfig_em0="ether 8c:70:5a:cd:28:ec"
 21 wlans_iwn0="wlan0"
 22 ifconfig_wlan0="WPA"
 23 create_args_wlan0="country DE regdomain ETSI channel 1"
 24 ifconfig_lagg0="up laggproto failover laggport em0 laggport wlan0 DHCP"
...
 60 # IPFW
 61 firewall_enable="yes"
 62 firewall_type="workstation"
 63 firewall_logging="yes"
 64 firewall_myservices="ssh/tcp"
 65 firewall_allowservices="192.168.0.0/24"
...
I have had no issues. Maybe you can re-use parts of it.
Kind regards,
Christoph
 
That looks like UPnP broadcasts from your home router.
You can just ignore that.

Yep, multicast Class D; my wifi uplink is a tethered phone and emits these periodically, about 3 times per minute.

Rather than ignore them filling your log, just add firewall_nologports="1900" to /etc/rc.conf.
 
To wrap this up, your rc.conf has the following:
65 firewall_allowservices="192.168.0.0/24" which would allow 192.168.0.0 through 192.168.0.255, but the reject messages you see in your log are from 192.168.1.1, which is in the next /24 range. This difference in subnet ranges almost certainly explains why there is a difference between WiFi and Ethernet. You can either adjust your subnet mask to /16 to include all 192.168.nnn.nnn, or, depending on your local needs, you can use a tighter mask like /23, which would give you just 192.168.0.nnn through 192.168.1.nnn.

Play around with CIDR calculators online to decide what mask works best for you.
 
To wrap this up, your rc.conf has the following:
65 firewall_allowservices="192.168.0.0/24" which would allow 192.168.0.0 through 192.168.0.255, but the reject messages you see in your log are from 192.168.1.1, which is in the next /24 range.

Sorry Bryce, but you're quoting chrbr's setup, yet the deny log lines were from OP, Fernandel.

covacat pounced on the real issue, the upnp packets, and I just showed how to quell the unnecessary logging noise ...
 
Code:
kernel: ipfw: 65500 Deny UDP 192.168.1.85:52837 239.255.255.250:3702 in via lagg0
And one more question, please: is this broadcast too? Thank you.

I found it:
https://www.wikimix.info/en/ip/192.168.1.85

Yes, any ip4 address starting with 224 to 255 is broadcast:

224.0.0.0/4 Class D
240.0.0.0/4 Class E

See /etc/rc.firewall 'simple' ruleset for definitions of various ranges of addresses that should not be routed outside our local network, there added to a table.

Is 192.168.1.85 your address, or another system in your net?

I don't know what port 3702 is; it's not in /etc/services.
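To make the points of the last few posts concrete (the /24 vs /23 vs /16 mask question, the Class D/E destination ranges, and why firewall_nologports="1900" silences the first kind of line but not the 3702 one), here is a small log triage script. It is an added example and is not code from this thread or from FreeBSD's /etc/rc.firewall; the log lines in it are constructed, modelled on the ones posted above, and it assumes (as the nologports suggestion does) that a port listed in firewall_nologports stops the denied UDP packet to that port from being logged. The service names for 1900 and 3702 come from the IANA port registry.

```python
import ipaddress
import re

# Constructed sample lines in the shape ipfw's "deny log" rule writes to syslog.
SAMPLE_LOG = """\
kernel: ipfw: 65500 Deny UDP 192.168.1.1:44454 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.85:52837 239.255.255.250:3702 in via lagg0
kernel: ipfw: 65500 Deny TCP 203.0.113.7:40001 192.168.1.20:22 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.0.9:5353 224.0.0.251:5353 in via lagg0
"""

# Matches TCP/UDP deny lines only; ICMP lines have a different shape and are skipped.
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)"
)

# The two ranges named in the thread.
MULTICAST = ipaddress.ip_network("224.0.0.0/4")   # Class D
RESERVED = ipaddress.ip_network("240.0.0.0/4")    # Class E

# Well-known UDP discovery ports (IANA registry), for labelling only.
WELL_KNOWN_UDP = {1900: "SSDP (UPnP discovery)", 3702: "WS-Discovery", 5353: "mDNS"}


def parse_line(line):
    """Return a dict of the fields in one ipfw deny line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    for key in ("rule", "sport", "dport"):
        entry[key] = int(entry[key])
    return entry


def classify(entry, allowed_net, nologports):
    """Tag one parsed entry with the reasons the thread discusses."""
    tags = []
    src = ipaddress.ip_address(entry["src"])
    dst = ipaddress.ip_address(entry["dst"])
    if dst in MULTICAST:
        tags.append("multicast-dst")
    elif dst in RESERVED:
        tags.append("reserved-dst")
    if src not in allowed_net:
        tags.append("src-outside-allowservices")
    # Assumption: a UDP destination port listed in firewall_nologports is denied without logging.
    if entry["proto"] == "UDP" and entry["dport"] in nologports:
        tags.append("silenced-by-nologports")
    return tags


def analyze(log_text, allowed_cidr="192.168.0.0/24", nologports=(1900,)):
    """Parse every matching line and attach tags plus a service label."""
    allowed = ipaddress.ip_network(allowed_cidr)
    ports = set(nologports)
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry["tags"] = classify(entry, allowed, ports)
        entry["service"] = WELL_KNOWN_UDP.get(entry["dport"], "?") if entry["proto"] == "UDP" else "?"
        results.append(entry)
    return results


def tightest_prefix(base, ip):
    """Longest prefix length for which base/len still contains ip (e.g. 192.168.0.0 and 192.168.1.1 -> 23)."""
    ip = ipaddress.ip_address(ip)
    for plen in range(32, -1, -1):
        if ip in ipaddress.ip_network(f"{base}/{plen}", strict=False):
            return plen
    return 0


if __name__ == "__main__":
    for e in analyze(SAMPLE_LOG):
        print(f'{e["src"]:>15} -> {e["dst"]:>15}:{e["dport"]:<5} {e["service"]:<22} {", ".join(e["tags"])}')
    print("mask covering 192.168.1.1 from 192.168.0.0: /%d" % tightest_prefix("192.168.0.0", "192.168.1.1"))
```

Running it with the default /24 tags the 192.168.1.1 line as both multicast and outside firewall_allowservices, and as silenced once 1900 is in nologports; the 3702 line stays multicast but is still logged, which is the second kind of line asked about above. Calling analyze(SAMPLE_LOG, allowed_cidr="192.168.0.0/23") drops the outside-allowservices tag for the 192.168.1.x sources without admitting the 203.0.113.7 one.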
 
I don't know what port 3702 is; it's not in /etc/services.
https://www.speedguide.net/port.php?port=3702
 