Huge number of ipfw messages

Status
Not open for further replies.
Joined
Dec 2, 2015
Messages
730
I'm running FreeNAS FreeNAS-9.3-STABLE-201602031011

My system has been working nicely, although the GUI did fail earlier today. The NAS was still responsive, so I ssh'd in and did a "service nginx restart" which brought the GUI back to life.

I then started trolling through the logs, trying to learn why the GUI had failed, and found a huge number of IPFW messages in the security logs (2-3 messages per second, or 130,000 to 200,000 lines per day).

A typical 60s of messages looks like:

Code:
Mar 10 15:15:00 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:00 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:00 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:00 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:05 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:05 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:05 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:05 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.100:7207 239.255.255.250:1900 in via epair0b
Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.100:7207 239.255.255.250:1900 in via epair0b
Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.100:17500 255.255.255.255:17500 in via epair0b
Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.100:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.100:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.9:17500 255.255.255.255:17500 in via epair0b
Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.9:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:10 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:10 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:10 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:10 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.100:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.19:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.5:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.100:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.19:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.9:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.5:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:12 freenas ipfw: 500 Deny UDP 192.168.0.9:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:13 freenas ipfw: 500 Deny UDP 192.168.0.100:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:13 freenas ipfw: 500 Deny UDP 192.168.0.19:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:13 freenas ipfw: 500 Deny UDP 192.168.0.5:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:13 freenas ipfw: 500 Deny UDP 192.168.0.9:137 192.168.0.255:137 in via epair0b
Mar 10 15:15:14 freenas ipfw: 500 Deny UDP 192.168.0.5:17500 255.255.255.255:17500 in via epair0b
Mar 10 15:15:14 freenas ipfw: 500 Deny UDP 192.168.0.5:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:15 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:15 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:15 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:15 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:15 freenas ipfw: 500 Deny UDP 192.168.0.100:51256 239.255.255.250:1900 in via epair0b
Mar 10 15:15:15 freenas ipfw: 500 Deny UDP 192.168.0.19:61953 239.255.255.250:1900 in via epair0b
Mar 10 15:15:16 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:17 freenas ipfw: 500 Deny P:2 192.168.0.8 224.0.0.22 in via epair0b
Mar 10 15:15:17 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:19 freenas ipfw: 500 Deny P:2 192.168.0.8 224.0.0.22 in via epair0b
Mar 10 15:15:20 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:20 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:20 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:20 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:20 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:21 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:21 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:21 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:21 freenas ipfw: 500 Deny UDP 192.168.0.19:6804 239.255.255.250:1900 in via epair0b
Mar 10 15:15:21 freenas ipfw: 500 Deny UDP 192.168.0.19:6804 239.255.255.250:1900 in via epair0b
Mar 10 15:15:21 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:21 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:22 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:22 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:22 freenas ipfw: 500 Deny UDP 192.168.0.9:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:22 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:23 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:24 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:25 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:25 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:25 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:25 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:25 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:28 freenas ipfw: 500 Deny UDP 192.168.0.222:42748 239.255.255.250:1900 in via epair0b
Mar 10 15:15:29 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:29 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:30 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:30 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:30 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:30 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:31 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:31 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:32 freenas ipfw: 500 Deny UDP 192.168.0.1:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:32 freenas ipfw: 500 Deny UDP 192.168.0.100:58242 255.255.255.255:1900 in via epair0b
Mar 10 15:15:32 freenas ipfw: 500 Deny UDP 192.168.0.100:58242 255.255.255.255:1900 in via epair0b
Mar 10 15:15:33 freenas ipfw: 500 Deny UDP 192.168.0.1:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:33 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:35 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:35 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:35 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:35 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:35 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:38 freenas ipfw: 500 Deny UDP 192.168.0.222:11815 239.255.255.250:1900 in via epair0b
Mar 10 15:15:38 freenas ipfw: 500 Deny UDP 192.168.0.222:11815 239.255.255.250:1900 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.100:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.19:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.200:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.5:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.100:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.19:5353 224.0.0.251:5353 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.100:17500 255.255.255.255:17500 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.100:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.100:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.9:17500 255.255.255.255:17500 in via epair0b
Mar 10 15:15:39 freenas ipfw: 500 Deny UDP 192.168.0.9:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:40 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:40 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:40 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:40 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:44 freenas ipfw: 500 Deny UDP 192.168.0.5:17500 255.255.255.255:17500 in via epair0b
Mar 10 15:15:44 freenas ipfw: 500 Deny UDP 192.168.0.5:17500 192.168.0.255:17500 in via epair0b
Mar 10 15:15:45 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:45 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:45 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:45 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:45 freenas ipfw: 500 Deny UDP 192.168.0.100:51256 239.255.255.250:1900 in via epair0b
Mar 10 15:15:45 freenas ipfw: 500 Deny UDP 192.168.0.19:61953 239.255.255.250:1900 in via epair0b
Mar 10 15:15:46 freenas ipfw: 500 Deny UDP 192.168.0.100:59592 239.255.255.250:1900 in via epair0b
Mar 10 15:15:46 freenas ipfw: 500 Deny UDP 192.168.0.100:59592 239.255.255.250:1900 in via epair0b
Mar 10 15:15:48 freenas ipfw: 500 Deny UDP 192.168.0.222:26651 239.255.255.250:1900 in via epair0b
Mar 10 15:15:48 freenas ipfw: 500 Deny UDP 192.168.0.222:26651 239.255.255.250:1900 in via epair0b
Mar 10 15:15:50 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:50 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:50 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:50 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:55 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b
Mar 10 15:15:55 freenas ipfw: 500 Deny UDP 192.168.0.100:57327 192.168.0.255:32414 in via epair0b
Mar 10 15:15:55 freenas ipfw: 500 Deny UDP 192.168.0.19:52731 192.168.0.255:32412 in via epair0b
Mar 10 15:15:55 freenas ipfw: 500 Deny UDP 192.168.0.19:53817 192.168.0.255:32414 in via epair0b
Mar 10 15:15:58 freenas ipfw: 500 Deny UDP 192.168.0.222:42748 239.255.255.250:1900 in via epair0b


The 192.168.0.X IP addresses are all devices on the local network.

Debug info

What is going on here? This seems a bit excessive. Do I have something misconfigured?

Thanks,

Kevin
 
Joined
Dec 2, 2015
Messages
730
It turns out that this is coming from the ipfw rules I have in the owncloud jail. This jail is exposed to the internet on port 443 and uses a self-signed SSL certificate, ipfw and fail2ban as protection.

Should I be concerned about any of the IPs I see in the log?
 
Joined
Dec 2, 2015
Messages
730
Thanks, Dru. That certainly explains most of what I've got in the logs. Some of the other stuff looks like normal traffic with a bunch of Apple services on the network.

It surprised me that ipfw in a jail would lead to a bunch of messages at the FreeNAS level. I would have expected the messages from ipfw in the jail to be in the log in the jail.

I've added a few specific IPFW rules to allow most of the traffic that I was seeing, to make the log more meaningful.
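
A way to triage a log like the one in this thread, as an added example that is not part of the original posts: it separates denies aimed at LAN broadcast or multicast addresses (discovery chatter) from denies that target a single host or come from outside the LAN. The 192.168.0.0/24 network, the port-to-service labels, and the last sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the LAN is 192.168.0.0/24, inferred from the addresses in the post.
LAN = ipaddress.ip_network("192.168.0.0/24")

# ipfw log format as shown in the post; ports are absent for protocols
# other than TCP/UDP, e.g. "P:2" (IP protocol 2, IGMP).
LINE = re.compile(
    r"ipfw: \d+ (?P<action>\w+) (?P<proto>\S+) (?P<src>[\d.]+)(?::\d+)? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? (?:in|out) via (?P<iface>\S+)"
)

# Common uses of the destination ports in the post's log (labels added here).
KNOWN = {137: "NetBIOS name service", 1900: "SSDP/UPnP", 5353: "mDNS",
         17500: "Dropbox LAN sync", 32412: "Plex GDM", 32414: "Plex GDM"}

def classify(dst):
    """Return 'multicast', 'broadcast' or 'unicast' for a destination address."""
    ip = ipaddress.ip_address(dst)
    if ip.is_multicast:
        return "multicast"
    if ip == LAN.broadcast_address or str(ip) == "255.255.255.255":
        return "broadcast"
    return "unicast"

def summarize(lines):
    """Count LAN discovery noise per (kind, service); return other hits verbatim."""
    noise, review = Counter(), []
    for m in filter(None, map(LINE.search, lines)):  # skip non-ipfw lines
        kind = classify(m["dst"])
        port = int(m["dport"]) if m["dport"] else None
        if kind == "unicast" or ipaddress.ip_address(m["src"]) not in LAN:
            review.append(m.string)  # addressed to a host, or not from the LAN
        else:
            noise[(kind, KNOWN.get(port, m["proto"]))] += 1
    return noise, review

# First five lines are copied from the post; the last one is constructed.
SAMPLE = [
    "Mar 10 15:15:00 freenas ipfw: 500 Deny UDP 192.168.0.100:52204 192.168.0.255:32412 in via epair0b",
    "Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.100:7207 239.255.255.250:1900 in via epair0b",
    "Mar 10 15:15:09 freenas ipfw: 500 Deny UDP 192.168.0.100:17500 255.255.255.255:17500 in via epair0b",
    "Mar 10 15:15:16 freenas ipfw: 500 Deny UDP 192.168.0.8:5353 224.0.0.251:5353 in via epair0b",
    "Mar 10 15:15:17 freenas ipfw: 500 Deny P:2 192.168.0.8 224.0.0.22 in via epair0b",
    "Mar 10 15:16:02 freenas ipfw: 500 Deny TCP 203.0.113.7:40112 192.168.0.50:22 in via epair0b",
]
```

Lines returned in `review` are the ones worth reading individually; the `noise` counter shows which discovery protocols account for the log volume.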
 