I am brand-new to TomatoUSB and, after seeing the atrocious firmware on the ASUS RT-N16, installed
on the router, copying all my settings from my old DI-624 router. Everything seems okay, so far, except that I noticed this constantly repeating log entry:
|Sep 25 07:17:31 RT-MACofRouter user.warn kernel: ACCEPT IN=vlan2 OUT= MACSRC=00:13:5f:05:61:d9 MACDST=ff:ff:ff:ff:ff:ff MACPROTO=0800 SRC=10.227.96.1 DST=255.255.255.255 LEN=335 TOS=0x00 PREC=0x00 TTL=255 ID=21580 PROTO=UDP SPT=67 DPT=68 LEN=315|
The above line repeats many times, all from SRC=10.227.96.1.
Then, I'll see fewer of the following boxed lines, interspersed:
|Sep 25 20:30:51 RT-MACofRouter user.warn kernel: DROP IN=vlan2 OUT= MACSRC=00:13:5f:05:61:d9 MACDST=MACofRouter MACPROTO=0800 SRC=220.127.116.11 DST=MyWANIP LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=3389 SEQ=1985216512 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0|
The above line appears once, from SRC=18.104.22.168. Then, it's back to the first line, with SRC=10.227.96.1.
|Sep 25 20:32:15 RT-MACofRouter user.warn kernel: DROP IN=vlan2 OUT= MACSRC=00:13:5f:05:61:d9 MACDST=MACofRouter MACPROTO=0800 SRC=22.214.171.124 DST=MyWANIP LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=256 DF PROTO=TCP SPT=12200 DPT=9415 SEQ=410369444 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0|
The above line repeats, say, 3-5 times in a row, all from SRC=126.96.36.199. Then, it's back to the first line, with SRC=10.227.96.1.
|Sep 25 20:45:42 RT-MACofRouter user.warn kernel: ACCEPT IN=vlan2 OUT= MACSRC=00:13:5f:05:61:d9 MACDST=ff:ff:ff:ff:ff:ff MACPROTO=0800 SRC=172.26.120.5 DST=255.255.255.255 LEN=349 TOS=0x00 PREC=0x00 TTL=255 ID=33118 PROTO=UDP SPT=67 DPT=68 LEN=329|
The above line appears once, from SRC=172.26.120.5. Then, it's back to the first line, with SRC=10.227.96.1.
I did my best to try to figure out what it is, and read something…
- …here (tomatousb.org/forum/t-274285) about source port 67 and destination port 68 from broken DHCP servers
- …and elsewhere about CMTS DHCP acknowledgment.
I tried two things (total guesses), neither worked:
1. Executing in the GUI:
|nvram set dhcp_pass=0|
This showed "Error" (no explanation), but the value changed. I later set it back to it original value, 1.
2. Performing a dnsmasq:
With this, the log started showing more DROPs in addition to the ACCEPTs,
with the DROP MACDST being that of my router and the SRC being a different IP,
while the MACSRC remained the same.
How do I fix this log problem?