avahi messages about invalid this and that

[mael]

I'm sure I'm probably blowing this way out of proportion but I hope it's better than being totally lax.
Well, a week or so ago I started noticing in the footer:
avahi-daemon:
Invalid legacy unicast query packet.
Invalid response packet from host X.X.X.X
(1-2 hits are from my LAN the rest are from the outside world. There is a bug report https://bugs.freenas.org/issues/2146 that seems to talk about this but the person mentions an IP address within the LAN and "various" IP addresses. How I wish they'd mentioned the others and how they knew it was the same computer because I have no way of checking if those external IP addresses are a computer in my LAN ? I don't get how that works but I understand nothing about networks so I can just make guesses.)
Received response from host X.X.X.X with invalid source port XXX(XX) on interface 'igb0.0'
None of these are LAN IP Addresses and there is quite a handful of ports at first there were a bunch of different ones but as of late it's just two ports that keep getting tried repeatedly.

Is this just the same issue as mentioned in the bug and I'm just letting my imagination wonder or... ?

I was going to completely disregard this after I saw the bug report until I noticed one of my clients when I type in
network:/// in the file manager I have half a dozen computers showing up that aren't mine. And well now I've gotten paranoid and need someone to tell this n00b he's overreacting yet again, heh.

So, any help with this would be greatly appreciated.

 

[cyberjock]

If you are finding computers that aren't yours it sounds like you have a security issue for your network... Unfortunately, that's kind of beyond the scope of this forum and your network topology and configuration will have to be known to even think about fixing it. I'd go through your firewall and see what's going on though. Something is wrong.

 

[pirateghost]

I agree with CyberJock. You should not be seeing these messages from an outside IP address. You need to have a look at your network configuration. This is not really a FreeNAS issue. You need to understand your network layout, and sadly, there are many that do not even understand what that means.

 

[mael]

Sorry in my haste to post I forgot to mention that I'm getting my Internet via the local university so most that I've talked to seem to think that the reason I'm seeing those computers is because those people connected their computers directly to the Internet and maybe are also without firewalls (Do Macs come without firewalls ? Seeing as all computers that appear have the word "Mac" within their name except for two labeled just "kun(sharing)" but I'd wager that's also a Mac).

So supposing that those I've talked to are correct is there any need to worry about what I've been seeing in FreeNAS ?
As I said in the bug report that I linked to the person said that they saw a bunch of IP addresses but that it was only one computer (A Mac incidentally). And I have no way of knowing if they meant only local addresses or also external. My LAN is 192.168.0.XXX and the addresses I see are:
1 that is within that range(My RPi) and the rest are 130.X.X.X right now my NAS is off but I did copy the output if it is needed.
I should also mention my external IP address is 130.X.X.X (again if relevant I can look it up).



So, I'm wondering if what I see FreeNAS outputting is the same as what is in the bug.
Or, if it's all these Macs that I'm seeing, seeing as the person that reported the bug did mention a Mac [it's a stretch but it would (at least in my warped mind) make sense since the IP addresses are also 130.X.X.X and the number of IP Addresses (seen in FreeNAS) and the "Macs" (seen on my computer) is around the same amount(although the numbers fluctate; in my opinion only visible when they are actually connected and powered on)] and also could be part of the bug something that Macs do special(?). This I can't know and like I said is just speculation seeing as there is only one person that has posted on that bug report.
Or is it just normal to see that output in FreeNAS, say, for instance, your ISP is sending/receiving packets that are found to be invalid by one FreeNAS(Although I don't quite get the source ports thing) ?

 

[cyberjock]

If you are getting from a bunch of IPs, it is most certainly not "A Mac incidentally". I still believe what I said earlier. You shouldn't be seeing all these computers and you need a firewall to protect your FreeNAS box(and also your own LAN).

It sounds like there may be a firewall in between converting your 130.x.x.x to 192.168.0.x, but it is probably misconfigured and has ports forwarded or something. You should not be seeing any addresses from anyone that isn't on your 192.168.0.x or your firewall isn't doing the job its supposed to.