RocketJSquirrel
Senior Member
I'm still getting the messages. I can apparently generate them at will by moving between my 2 access points with my iPhone & iPad.
That IPv6 address appears as Scope:Link in all of br0, eth0, eth1, and vlan1 in the ifconfig output. (Sorry I don't know what any of this means. During my software career, my area of expertise was user interface design & development. I staunchly stayed away from both networking and server-side software. And IPv6 was only a gleam in someone's eye.)
I expect the fe80 on rule 3 is from the br0 interface.
I added these loopback rules, but they haven't caught anything. I'm seeing one v4 rule and one v6 rule which are dropping packets. And I am still getting the "own address" warning when one of my mobile devices moves from the router to the secondary WAP. The flood of warnings has been reduced to a trickle.
We only have two addresses left. Getting them would indicate a configuration problem with a computer I believe.
Can you add for ipv4 the rule
iptables -I INPUT 3 ! -i lo -s 127.0.0.1 -j DROP
and for Ipv6 the rule
ip6tables -I INPUT 1 ! -i lo -s ::1 -j DROP
These are the IP addresses from the lo interface and should never be sent outside the local computer. A programmer may have used ::1 rather than ::0 which is permitted as a source address on a lan.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 29 1706 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
2 5216 629K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 0 0 DROP all -- !lo * 127.0.0.1 0.0.0.0/0
4 0 0 DROP all -- !lo * 76.126.27.xxx 0.0.0.0/0
5 45 6377 DROP all -- !lo * 192.168.1.1 0.0.0.0/0
6 3 1620 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:9999
...
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all !lo * ::1/128 ::/0
2 0 0 DROP all !lo * fe80::blah:blah:blah:8201/128 ::/0
3 0 0 DROP all !lo * fe80::blah:blah:blah:8204/128 ::/0
4 822 98640 DROP all !lo * fe80::blah:blah:blah:8200/128 ::/0
5 0 0 DROP all !lo * 2001:blah:blah:blah:6f79/128 ::/0
6 0 0 DROP all !lo * 2601:blah:blah:blah:8200/128 ::/0
...
As usual, test it in a .sh file ending so you can recover if something goes wrong.
#!/bin/sh
# set -v
# set -x
# kill packets from my own addresses
#
TARGET=DROP
# comment the next line to stop logging
TARGET=sickbird
#
# you want to place these rules after the rule ending with "state RELATED,ESTABLISHED"
# use "iptables -nvL INPUT --lin" and "ip6tables -nvL INPUT --lin" to display current rules
#
# Where to insert Ipv4 rules into INPUT chain (change if not correct)
InsLoc4=3
# Where to insert Ipv6 rules into INPUT chain (change if not correct)
InsLoc6=4
#
# First for Ipv4 addresses
#
# ***** make sure the sickbird chain exists ****
iptables -N sickbird
iptables -I sickbird 1 -j DROP
# log the first 24 then only 12 per hour
iptables -I sickbird 1 -m limit --limit 12/hour --limit-burst 24 -j LOG --log-level warning --log-tcp-sequence --log-tcp-options --log-ip-options --log-prefix "DROP IPV4 INVALID "
#
# -F sets the field separator before the first line is read, so every awk splits the first address correctly
Ipv4List=$(ifconfig | grep -i "inet addr:" | awk '{print $2}' | awk -F: '{print $2}' | sort -u)
for myIP in $Ipv4List
do
# insert rule to DROP/log packet
echo "Rule created for $myIP"
iptables -I INPUT $InsLoc4 ! -i lo -s $myIP -j $TARGET
done
# Get local network ipv6 global address and /mask (only first if more than one)
IP6wMASK=`ifconfig br0 | grep -i "inet6 addr:" | grep -i "Scope:Global" | head -1 | awk '{print $3}'`
# may not have ipv6 address yet for br0
if [ "x$IP6wMASK" != "x" ]
then
#
# Now for Ipv6 addresses
#
# ***** make sure the sickbird chain exists ****
ip6tables -N sickbird
ip6tables -I sickbird 1 -j DROP
# log the first 24 then only 12 per hour
ip6tables -I sickbird 1 -m limit --limit 12/hour --limit-burst 24 -j LOG --log-level warning --log-tcp-sequence --log-tcp-options --log-ip-options --log-prefix "DROP IPV6 INVALID "
#
# -F/ strips the /prefix-length from every line, including the first, so each rule matches a single address
Ipv6List=$(ifconfig | grep -i "inet6 addr:" | grep -v "Scope:Compat" | awk '{print $3}' | awk -F/ '{print $1}' | sort -u)
for myIP in $Ipv6List
do
# insert rule to DROP/log packet
echo "Rule created for $myIP"
ip6tables -I INPUT $InsLoc6 ! -p ipv6-icmp ! -i lo -s $myIP -j $TARGET
#
done
#
else
echo "No global Ipv6 address on br0, assume Ipv6 not used on lan"
fi
#
I'll take a stab at this tomorrow. In the meantime, I've added my own motto to my signature as a sort of counterpoint to yours.
I forgot to say you do not need to do the logging for long. If you get 30 log lines that should be all you need to see if TTL changes. Then you can disable the logs if you want.
Getting a slow start this Saturday morning, haven't tried the script yet.
@coldwizard I think you're getting ahead of yourself here. Let's wait and see whether this actually stops the messages @RocketJSquirrel is seeing and if so, what kind of packets they are.
I also see only one message at a time. If I take iPhone & iPad away from the router and into the vicinity of the Netgear WAP, each one will cause one line to be added to syslog.
@RocketJSquirrel Out of interest, when your devices change from one access point to the other, how many messages (typically) does it generate in the syslog? I only ever see one per change.
Oct 24 11:59:29 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 11:59:46 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:00:07 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:00:27 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:00:46 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:00:59 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:01:16 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:01:28 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Oct 24 12:01:28 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Oct 24 12:01:34 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:01:51 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:02:11 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:02:36 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:04:56 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF OPT (94040000) PROTO=2
Oct 24 12:45:46 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF OPT (94040000) PROTO=2
Oct 24 12:52:03 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF OPT (94040000) PROTO=2
Oct 24 12:54:58 kernel: br0: received packet on eth1 with own address as source address
Oct 24 12:56:14 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF OPT (94040000) PROTO=2
OK, I rebooted and ran your script, @coldwizard and the syslog is showing many lines already, and they're mostly, but not all, the same:
Interesting.
Since we can stop the messages with iptable rules, we have to conclude that these are real packets coming back to the router.
Ooh, one of the "own address" messages snuck through the filter.
syslogd -m 0 -O /tmp/syslog.log -S -s 256 -l 7
#define br_warn(__br, format, args...) \
br_printk(KERN_WARNING, __br, format, ##args)
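An added example, not part of any post in this thread: a small POSIX shell/awk helper that groups the "DROP IPV4 INVALID" lines written by the sickbird LOG rule by source, destination, protocol and destination port, and lists the TTL values seen for each group, which is the check the logging was turned on for. The function names are hypothetical, and the embedded sample is constructed from the log lines quoted above.

```shell
#!/bin/sh
# Added example: summarise own-address DROP log lines per flow.

# Constructed sample, modelled on the syslog lines quoted in the thread.
sample_log() {
cat <<'EOF'
Oct 24 11:59:29 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 11:59:46 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:01:28 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Oct 24 12:01:28 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Oct 24 12:01:34 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=239.255.255.250 LEN=125 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1008 DPT=1900 LEN=105
Oct 24 12:04:56 kernel: DROP IPV4 INVALID IN=br0 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF OPT (94040000) PROTO=2
Oct 24 12:54:58 kernel: br0: received packet on eth1 with own address as source address
EOF
}

# Reads syslog on stdin; prints "count src dst proto dpt ttl=<values seen>"
# for each flow, most frequent first. Lines from other sources are ignored.
summarize_drops() {
  awk '
    /DROP IPV[46] INVALID/ {
      src = dst = proto = ttl = ""; dpt = "-"      # "-" when there is no port
      for (i = 1; i <= NF; i++) {
        n = index($i, "=")
        if (n == 0) continue                       # tokens such as DF or OPT
        k = substr($i, 1, n - 1); v = substr($i, n + 1)
        if (k == "SRC") src = v
        else if (k == "DST") dst = v
        else if (k == "PROTO") proto = v
        else if (k == "DPT") dpt = v
        else if (k == "TTL" || k == "HOPLIMIT") ttl = v   # HOPLIMIT in IPv6 logs
      }
      key = src " " dst " " proto " " dpt
      count[key]++
      if (!((key, ttl) in seen)) {                 # remember each distinct TTL once
        seen[key, ttl] = 1
        ttls[key] = ttls[key] (ttls[key] == "" ? "" : ",") ttl
      }
    }
    END { for (k in count) print count[k], k, "ttl=" ttls[k] }
  ' | sort -k1,1nr -k2
}

sample_log | summarize_drops
```

On the router the same function can read the live log, for example summarize_drops < /tmp/syslog.log; a flow that shows more than one value after ttl= is the case worth a closer look.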