Will Lowe <wml...@gmail.com> wrote: > Can someone help me understand this particular log message? It is from a > Ricoh Printer on my main net to a computer on an adjacent net which is also > under my control.. Neither the printer nor this computer should be > communicating with each other for any reason. The computer is not maned by > anyone. I've checked with Ricoh and they cannot explain it. And, secondly, > why would Shorewall react to anything not meant to go through it? > > Shorewall:FORWARD:REJECT:IN=enp5s2 OUT=enp5s2 > MAC=00:0e:04:24:45:85:00:26:73:9b:d1:c9:08:00 SRC=192.168.1.222 > DST=192.168.3.25 LEN=109 TOS=0x00 PREC=0x00 TTL=63 ID=39208 PROTO=UDP SPT=161 > DPT=61532 LEN=89
UDP port 161 is SNMP. I'll hazard a guess that the computer is looking for printers automatically - most OSs these days default to using SNMP to query the printer for various information. Even though you might not be expecting any communication, the printer will almost certainly be broadcasting it's presence with mDNS (lookup Zeroconf, aka Bonjour) - hence the computer will find out about it even though they are on different subnets (but same broadcast domain). ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
