On 8/10/05, Chris Green chris@areti.co.uk wrote:
I have a Zyxel Prestige ADSL router which does my NAT and is also a firewall.
I'm fairly happy that I have the firewall set up correctly, however I'd like to be able to interpret what I'm seeing in the router logs.
Aug 10 12:31:16 zyxel RAS: src="192.168.13.44" dst="224.0.0.251" msg="Firewall default policy: IGMP (L to L/PRESTIGE)" note="ACCESS FORWARD" devID="D9C103" cat="Access Control"
This is from a networked HP 7310 printer but I don't understand the dst address, where does 224.0.0.251 come from? It has no relation to my 192.168.13.xx subnet.
Aug 10 12:31:16 zyxel RAS: src="192.168.13.44" dst="224.0.1.60" msg="Firewall default policy: IGMP (L to L/PRESTIGE)" note="ACCESS FORWARD" devID="D9C103" cat="Access Control"
This (again from the printer) always appears immediately after the other printer one. Another 224.0.x.x destination.
224.0.0.* is "IANA Special Use". MCAST, possibly.
You probably want to turn down the amount of reporting for normal traffic, but the messages about IP addresses outside your network trying to connect to other devices outside of the network are a bit worrying.
Hope this helps, Tim.
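
A triage sketch for the log format quoted above, as an added example that is not part of the original thread: it parses the `key="value"` fields, classifies each address with Python's `ipaddress` module, and separates routine LAN-to-multicast entries from entries where neither end is on the LAN. The function names, the group labels (taken from the IANA multicast registry) and the third sample line are assumptions made for this example.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.13.0/24")      # subnet named in the post
LOCAL_CTRL = ipaddress.ip_network("224.0.0.0/24")  # link-local multicast, never routed
KNOWN_GROUPS = {                                   # labels from the IANA IPv4 multicast registry
    "224.0.0.251": "mDNS",
    "224.0.1.60": "hp-device-disc",
}
KV = re.compile(r'(\w+)="([^"]*)"')

SAMPLE = [
    # The first two lines are the ones quoted in the post.
    'Aug 10 12:31:16 zyxel RAS: src="192.168.13.44" dst="224.0.0.251" msg="Firewall default policy: IGMP (L to L/PRESTIGE)" note="ACCESS FORWARD" devID="D9C103" cat="Access Control"',
    'Aug 10 12:31:16 zyxel RAS: src="192.168.13.44" dst="224.0.1.60" msg="Firewall default policy: IGMP (L to L/PRESTIGE)" note="ACCESS FORWARD" devID="D9C103" cat="Access Control"',
    # Constructed line (documentation addresses) for the outside-to-outside case.
    'Aug 10 12:40:02 zyxel RAS: src="198.51.100.7" dst="203.0.113.9" msg="constructed example" note="constructed" devID="D9C103" cat="Access Control"',
]

def parse(line):
    """Split one log line into a dict of its key="value" fields."""
    return dict(KV.findall(line))

def kind(addr):
    """Classify an IPv4 address relative to the LAN and the multicast range."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:  # 224.0.0.0/4
        return "multicast-local" if ip in LOCAL_CTRL else "multicast"
    return "lan" if ip in LAN else "outside"

def triage(line):
    """Return (source kind, destination kind, verdict) for one log line."""
    fields = parse(line)
    src, dst = kind(fields["src"]), kind(fields["dst"])
    if src == "lan" and dst.startswith("multicast"):
        verdict = "routine-multicast"   # device discovery chatter from a LAN host
    elif src == "outside" and dst == "outside":
        verdict = "review"              # neither end belongs to this network
    else:
        verdict = "other"
    return src, dst, verdict

if __name__ == "__main__":
    for entry in SAMPLE:
        dst = parse(entry)["dst"]
        print(dst, KNOWN_GROUPS.get(dst, "-"), *triage(entry))
```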