I have several servers where I'm seeing this. Here's my understanding of the problem:

1) At some time in the past there was a printer at 192.168.3.25 which has now moved (probably DHCP).
2) At that time, the Windows PC at 192.168.1.222 latched onto that address.
3) Now that Windows PC can't find the printer via ARP, so it's sending this traffic to Mr. Gateway because he knows everything.
4) As Roberto said, you don't have the routeback option set on the interface, so Shorewall complains.

Your situation differs from mine. Either you have two subnets on the same interface (192.168.1.0/24 and 192.168.3.0/24) or your subnet prefix is something like a /22. Is there a printer at 192.168.3.25? Try visiting the PC and looking at its printers to see if it is using an address instead of a hostname.

Configure the routeback option on the interface and add appropriate rules:

    DROP    loc    loc    tcp,udp    snmp

Bill

On 5/12/2017 12:46 AM, Will Lowe wrote:
> Thank you, I did overlook that.
>
> On Thu, May 11, 2017 at 11:20 PM, Roberto C. Sánchez <robe...@connexer.com> wrote:
>
> > On Thu, May 11, 2017 at 11:06:40PM -0500, Will Lowe wrote:
> > > Can someone help me understand this particular log message? It is from a Ricoh Printer on my main net to a computer on an adjacent net which is also under my control. Neither the printer nor this computer should be communicating with each other for any reason. The computer is not manned by anyone. I've checked with Ricoh and they cannot explain it. And, secondly, why would Shorewall react to anything not meant to go through it?
> > >
> > > Shorewall:FORWARD:REJECT:IN=enp5s2 OUT=enp5s2 MAC=00:0e:04:24:45:85:00:26:73:9b:d1:c9:08:00 SRC=192.168.1.222 DST=192.168.3.25 LEN=109 TOS=0x00 PREC=0x00 TTL=63 ID=39208 PROTO=UDP SPT=161 DPT=61532 LEN=89
> >
> > I am not sure why your printer is trying to communicate in this manner. Shorewall's behavior is a result of the source and destination addresses being accessible through the same interface and that you probably have not set the routeback option on the interface (enp5s2 in this case).
> >
> > By default Shorewall will not send packets out the same interface which they entered.
> >
> > Regards,
> >
> > -Roberto
> >
> > --
> > Roberto C. Sánchez
> > http://people.connexer.com/~roberto
> > http://www.connexer.com

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
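The REJECT line Will quoted has IN and OUT set to the same interface, which is exactly the routeback case Roberto and Bill describe, and its SPT=161 marks it as an SNMP reply. Before enabling routeback or adding a loc-to-loc DROP rule, it helps to list every such pair the firewall is logging. The parser below is an added example for this thread, not code from the posters or from the Shorewall project: it reads log lines in the "Shorewall:<chain>:<disposition>:" prefix format seen above (a custom LOGFORMAT would need the pattern adjusted), tags entries where the packet would leave on the interface it arrived on, tags UDP/161 traffic, and counts rejected hairpin flows per (interface, source, destination). Only the first sample line comes from the thread; the other two sample lines, the documentation addresses in them, and all function names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input. The first line is the REJECT entry quoted in the
# thread; the second and third are made-up lines (RFC 5737 documentation
# addresses) added to show a normal forward and an inbound SNMP probe for contrast.
SAMPLE_LOG = """\
Shorewall:FORWARD:REJECT:IN=enp5s2 OUT=enp5s2 MAC=00:0e:04:24:45:85:00:26:73:9b:d1:c9:08:00 SRC=192.168.1.222 DST=192.168.3.25 LEN=109 TOS=0x00 PREC=0x00 TTL=63 ID=39208 PROTO=UDP SPT=161 DPT=61532 LEN=89
Shorewall:loc2net:ACCEPT:IN=enp5s2 OUT=eth0 MAC=00:0e:04:24:45:85:00:26:73:9b:d1:c9:08:00 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:0e:04:24:45:85:00:26:73:9b:d1:c9:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=70 TOS=0x00 PREC=0x00 TTL=54 ID=9 PROTO=UDP SPT=40000 DPT=161 LEN=50
"""

# Assumed prefix layout "Shorewall:<chain>:<disposition>:" as in the quoted line.
# search() rather than match() so a leading syslog timestamp/"kernel:" is tolerated.
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):")
KV_RE = re.compile(r"\b(\w+)=(\S*)")


@dataclass
class Entry:
    chain: str
    action: str
    fields: dict


def parse_line(line):
    """Parse one Shorewall/netfilter log line; return None for other lines."""
    line = line.strip()
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in KV_RE.findall(line[m.end():]):
        # netfilter prints LEN twice (IP total length, then UDP length);
        # keep the second copy under LEN2 instead of overwriting the first.
        if key in fields:
            key += "2"
        fields[key] = value
    return Entry(m.group("chain"), m.group("action"), fields)


def is_hairpin(entry):
    """Packet would leave on the interface it arrived on (the routeback case)."""
    inp, out = entry.fields.get("IN", ""), entry.fields.get("OUT", "")
    return bool(inp) and inp == out


def is_snmp(entry):
    """UDP with 161 as source or destination port, e.g. the printer's replies."""
    f = entry.fields
    return f.get("PROTO") == "UDP" and "161" in (f.get("SPT"), f.get("DPT"))


def analyze(log_text):
    """Tag every parseable line; returns a list of dicts in input order."""
    results = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        tags = []
        if is_hairpin(e):
            tags.append("hairpin")
        if is_snmp(e):
            tags.append("snmp")
        results.append({
            "chain": e.chain, "action": e.action,
            "src": e.fields.get("SRC"), "dst": e.fields.get("DST"),
            "tags": tuple(tags),
        })
    return results


def hairpin_pairs(log_text):
    """Count rejected hairpin flows per (interface, src, dst) so each pair can be
    checked (is it a stale printer address?) before routeback or a loc->loc rule
    is added for that interface."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e.action == "REJECT" and is_hairpin(e):
            counts[(e.fields["IN"], e.fields["SRC"], e.fields["DST"])] += 1
    return counts


if __name__ == "__main__":
    for r in analyze(SAMPLE_LOG):
        print(r)
    for (ifc, src, dst), n in hairpin_pairs(SAMPLE_LOG).items():
        print(f"{n} hairpin reject(s) on {ifc}: {src} -> {dst}")
```

Run it against the output of "shorewall show log" or the kernel log and each flow that shows up under hairpin_pairs is one the interface's routeback setting, or a rule such as Bill's DROP loc loc tcp,udp snmp, has to decide on explicitly.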