News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: question about firewall log entry
Pages: [1]
Topic: question about firewall log entry  (Read 1739 times)
« on: June 26, 2013, 05:43:36 »
azdps **
Posts: 63
My firewall log is filled with IGMP entries that are all the same. Below is the log entry:

Time                         If          Source              Destination    Proto
--------------------------------------------------------------------------------
20:15:44.625753     WAN     10.37.140.1     224.0.0.1        IGMP

I pinged 224.0.0.1 and it shows differnt lan ip addresses that are all apple devices. Such as a Macbook pro, Iphone and Ipod Touch. Doesn't show any non apple products, so it's obviously   apple related.

The problem is I have no idea what IP address 10.37.140.1 is. I can ping it but I really can't seem to figure out what device has that IP. I have m0n0wall setup as my firewall and a wireless router that acts as a wireless access point only. Staic IP are setup for all devices on the network ranging from 10.255.255.100 - 10.255.255.120. The DHCP server allows for only one additional ip address 10.255.255.254 which is not tied to a specific mac address.

It seems 10.37.140.1 would be part of the local network but nmap shows it as one hop outside the firwall.   localhost --> m0n0wall --> 10.37.140.1
« Last Edit: June 26, 2013, 19:47:30 by azdps »
« Reply #1 on: June 27, 2013, 01:06:07 »
Lee Sharp *****
Posts: 517
This may help...  http://en.wikipedia.org/wiki/Multicast_address  Something outside is being noisy.
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines