Ok. This seems to be all kind of traffic generated when I'm connecting my apple notebook without any encryption:
Code:
Jan 01 12:27:14.995251 rule 19/(ip-option) pass in on rum0: 192.168.2.101 > 224.0.0.2: igmp leave 224.0.0.251
Jan 01 12:27:14.995492 rule 19/(ip-option) pass in on rum0: 192.168.2.101 > 224.0.0.251: igmp nreport 224.0.0.251
Jan 01 12:27:15.233747 rule 141/(match) block in on rum0: 192.168.2.101.63186 > 192.168.2.255.137: udp 50
Jan 01 12:27:15.503536 rule 141/(match) block in on rum0: 192.168.2.101.63186 > 192.168.2.255.137: udp 50
Jan 01 12:27:15.773348 rule 141/(match) block in on rum0: 192.168.2.101.63186 > 192.168.2.255.137: udp 50
Jan 01 12:27:16.005773 rule 141/(match) block in on rum0: 192.168.2.101.52465 > 192.168.2.254.192: udp 4
Jan 01 12:27:16.345618 rule 19/(ip-option) pass in on rum0: 192.168.2.101 > 224.0.0.251: igmp nreport 224.0.0.251
Jan 01 12:27:16.506266 rule 141/(match) block in on rum0: 192.168.2.101.63282 > 192.168.2.254.192: udp 4
Jan 01 12:27:18.007505 rule 141/(match) block in on rum0: 192.168.2.101.54894 > 192.168.2.254.192: udp 4
Jan 01 12:27:18.501488 rule 141/(match) block in on rum0: 192.168.2.101.51276 > 192.168.2.255.137: udp 50
Jan 01 12:27:18.501675 rule 141/(match) block in on rum0: 192.168.2.101.65155 > 192.168.2.254.192: udp 4
Jan 01 12:27:18.772553 rule 141/(match) block in on rum0: 192.168.2.101.51276 > 192.168.2.255.137: udp 50
Jan 01 12:27:19.040897 rule 141/(match) block in on rum0: 192.168.2.101.51276 > 192.168.2.255.137: udp 50
Jan 01 12:27:19.999965 rule 141/(match) block in on rum0: 192.168.2.101.57817 > 192.168.2.254.192: udp 4
Jan 01 12:27:20.498712 rule 141/(match) block in on rum0: 192.168.2.101.55357 > 192.168.2.254.192: udp 4
In the syslog-file, dhcpd reports the following:
Code:
Jan 1 12:26:48 router dhcpd[18319]: DHCPDISCOVER from 00:33:36:37:78:8e via rum0
Jan 1 12:26:48 router dhcpd[18319]: icmp_echorequest 192.168.2.101: No route to host
Jan 1 12:26:48 router dhcpd[18319]: DHCPOFFER on 192.168.2.101 to 00:33:36:37:78:8e via rum0
Jan 1 12:26:49 router dhcpd[18319]: DHCPREQUEST for 192.168.2.101 from 00:33:36:37:78:8e via rum0
Jan 1 12:26:49 router dhcpd[18319]: DHCPACK on 192.168.2.101 to 00:33:36:37:78:8e via rum0
Jan 1 12:27:12 router dhcpd[18319]: DHCPREQUEST for 192.168.2.101 from 00:33:36:37:78:8e via rum0
Jan 1 12:27:12 router dhcpd[18319]: DHCPACK on 192.168.2.101 to 00:33:36:37:78:8e via rum0
This is my current routing table (I blacked out the mac addresses and some provider-specific ip addresses):
Code:
# route -n show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default xxx.xxx.xxx.xxx UGS 10 573911 - 8 axe0
192.168.1/24 link#2 UC 2 0 - 4 gem0
192.168.1.1 00:xx:xx:xx:xx:xx UHLc 1 278 - 4 lo0
192.168.1.96 00:xx:xx:xx:xx:xx UHLc 5 568082 - L 4 gem0
127/8 127.0.0.1 UGRS 0 0 33200 8 lo0
127.0.0.1 127.0.0.1 UH 4 2399870 33200 4 lo0
xxx.xxx.xx/21 link#5 UC 1 0 - 4 axe0
xxx.xxx.xxx.xxx 127.0.0.1 UGHS 0 1067 33200 8 lo0
xxx.xxx.xxx.xxx 00:xx:xx:xx:xx:xx UHLc 1 0 - 4 axe0
192.168.2/24 link#7 C 2 0 - 4 rum0
192.168.2.101 00:xx:xx:xx:xx:xx HLc 1 1 - 4 rum0
192.168.2.102 00:xx:xx:xx:xx:xx HLc 0 7 - 4 rum0
224/4 127.0.0.1 URS 0 283 33200 8 lo0
Maybe there's a routing issue here? Why should report dhcpd "nor route to host" then?