News
:
This forum is now permanently frozen.
m0n0wall Forum
>
m0n0wall Support (English)
>
Firewall/NAT
Topic: question about firewall log entry
Pages: [
1
]
Topic: question about firewall log entry (Read 1739 times)
question about firewall log entry
« on: June 26, 2013, 05:43:36 »
azdps
Posts: 63
My firewall log is filled with IGMP entries that are all the same. Below is the log entry:
Time If Source Destination Proto
--------------------------------------------------------------------------------
20:15:44.625753 WAN 10.37.140.1 224.0.0.1 IGMP
I pinged 224.0.0.1 and it shows differnt lan ip addresses that are all apple devices. Such as a Macbook pro, Iphone and Ipod Touch. Doesn't show any non apple products, so it's obviously apple related.
The problem is I have no idea what IP address 10.37.140.1 is. I can ping it but I really can't seem to figure out what device has that IP. I have m0n0wall setup as my firewall and a wireless router that acts as a wireless access point only. Staic IP are setup for all devices on the network ranging from 10.255.255.100 - 10.255.255.120. The DHCP server allows for only one additional ip address 10.255.255.254 which is not tied to a specific mac address.
It seems 10.37.140.1 would be part of the local network but nmap shows it as one hop outside the firwall. localhost --> m0n0wall --> 10.37.140.1
«
Last Edit: June 26, 2013, 19:47:30 by azdps
»
Re: question about firewall log entry
« Reply #1 on: June 27, 2013, 01:06:07 »
Lee Sharp
Posts: 517
This may help...
http://en.wikipedia.org/wiki/Multicast_address
Something outside is being noisy.
Pages: [
1
]