Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied

    Routing and Multi WAN
    1
    2
    4.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eskild
      last edited by

      Hi,
      i have just redesigned my firewall solution using a clean install of 1.2RC4.

      The setup is: LAN <fw2>DMZ <fw1>WAN      where i'm using RIPv2 between the firewalls. There is a VLAN interface (vlan0) on physical LAN(DMZ) port of FW1 where captive portal is enabled. I keep getting the printout below in the system log after i enabled the vlan0 interface:

      Jan 26 19:09:09 last message repeated 4 times
      Jan 26 19:09:09 last message repeated 4 times
      Jan 26 19:07:09 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:07:09 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:06:39 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:06:32 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
      Jan 26 19:06:39 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:06:32 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
      Jan 26 19:06:15 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
      Jan 26 19:06:15 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
      Jan 26 19:06:08 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:06:08 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:05:59 routed[2089]: receiving our own change messages
      Jan 26 19:05:59 routed[2089]: receiving our own change messages
      Jan 26 19:05:59 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
      Jan 26 19:05:59 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
      Jan 26 19:05:57 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:05:57 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
      Jan 26 19:05:57 routed[921]: sendto(vlan0, 224.0.0.1): Permission denied
      Jan 26 19:05:57 routed[921]: sendto(vlan0, 224.0.0.1): Permission denied

      I know 224.0.0.9 is RIP, but what is the reason to this printout?
      Is this related to captive portal, because i can't get it to work using the same setup as i used on the monowall? Attached rules for captive portal.

      Thanks,
      Eskild

      Edit:
      I have the Captive Portal worked out now(cached certificate and DNS problems), but the printout is still there. RIP is not enabled for the captive portal interface.

      ifconfig

      fxp0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
              options=8 <vlan_mtu>inet6 fe80::XXX:XXX:XXX:XXX%fxp0 prefixlen 64 scopeid 0x1
              inet XXX.XXX.XXX.XXX netmask 0xffffff00 broadcast XXX.XXX.XXX.XXX
              ether 00:02:b3:4c:b3:de
              media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active
      fxp1: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
              options=8 <vlan_mtu>inet6 fe80::202:a5ff:fe02:bcd5%fxp1 prefixlen 64 scopeid 0x2
              inet 192.168.100.1 netmask 0xffffffe0 broadcast 192.168.100.31
              ether 00:02:a5:02:bc:d5
              media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active
      fxp2: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
              options=b <rxcsum,txcsum,vlan_mtu>inet 192.168.50.1 netmask 0xfffffff0 broadcast 192.168.50.15
              inet6 fe80::202:b3ff:fe4c:9b31%fxp2 prefixlen 64 scopeid 0x3
              ether 00:02:b3:4c:9b:31
              media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active
      rl0: flags=8802 <broadcast,simplex,multicast>mtu 1500
              options=8 <vlan_mtu>ether 00:10:a7:1d:33:d7
              media: Ethernet autoselect (10baseT/UTP)
              status: no carrier
      pfsync0: flags=41 <up,running>mtu 2020
              pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
      enc0: flags=0<> mtu 1536
      pflog0: flags=100 <promisc>mtu 33208
      lo0: flags=8049 <up,loopback,running,multicast>mtu 16384
              inet 127.0.0.1 netmask 0xff000000
              inet6 ::1 prefixlen 128
              inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
      vlan0: flags=9843 <up,broadcast,running,simplex,link0,multicast>mtu 1500
              inet6 fe80::202:b3ff:fe4c:b3de%vlan0 prefixlen 64 scopeid 0x9
              inet 192.168.120.1 netmask 0xffffffe0 broadcast 192.168.120.31
              ether 00:02:a5:02:bc:d5
              media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active
              vlan: 7 parent interface: fxp1

      pubWlanRules.png
      pubWlanRules.png_thumb</full-duplex></up,broadcast,running,simplex,link0,multicast></up,loopback,running,multicast></promisc></up,running></vlan_mtu></broadcast,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,simplex,multicast></fw1></fw2>

      1 Reply Last reply Reply Quote 0
      • E
        eskild
        last edited by

        Kinda resolved.
        After deactivating SIP on the CP IF, i added 224.0.0.1 to "allowed ip address" rules in the captive portal config. Now the icmp router advertisment is no longer blocked by the CP.

        Cheers,
        Eskild

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.