Routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied



  • Hi,
    I have just redesigned my firewall solution using a clean install of 1.2RC4.

    The setup is: LAN <FW2> DMZ <FW1> WAN, where I'm using RIPv2 between the firewalls. There is a VLAN interface (vlan0) on the physical LAN (DMZ) port of FW1 where captive portal is enabled. I keep getting the printout below in the system log after I enabled the vlan0 interface:

    Jan 26 19:09:09 last message repeated 4 times
    Jan 26 19:09:09 last message repeated 4 times
    Jan 26 19:07:09 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:07:09 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:06:39 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:06:32 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
    Jan 26 19:06:39 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:06:32 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
    Jan 26 19:06:15 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
    Jan 26 19:06:15 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
    Jan 26 19:06:08 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:06:08 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:05:59 routed[2089]: receiving our own change messages
    Jan 26 19:05:59 routed[2089]: receiving our own change messages
    Jan 26 19:05:59 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
    Jan 26 19:05:59 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
    Jan 26 19:05:57 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:05:57 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
    Jan 26 19:05:57 routed[921]: sendto(vlan0, 224.0.0.1): Permission denied
    Jan 26 19:05:57 routed[921]: sendto(vlan0, 224.0.0.1): Permission denied

    I know 224.0.0.9 is RIP, but what is the reason for this printout?
    Is this related to captive portal, because I can't get it to work using the same setup as I used on the monowall? Attached rules for captive portal.

    Thanks,
    Eskild

    Edit:
    I have the Captive Portal worked out now (cached certificate and DNS problems), but the printout is still there. RIP is not enabled for the captive portal interface.

    ifconfig

    fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            inet6 fe80::XXX:XXX:XXX:XXX%fxp0 prefixlen 64 scopeid 0x1
            inet XXX.XXX.XXX.XXX netmask 0xffffff00 broadcast XXX.XXX.XXX.XXX
            ether 00:02:b3:4c:b3:de
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            inet6 fe80::202:a5ff:fe02:bcd5%fxp1 prefixlen 64 scopeid 0x2
            inet 192.168.100.1 netmask 0xffffffe0 broadcast 192.168.100.31
            ether 00:02:a5:02:bc:d5
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=b<RXCSUM,TXCSUM,VLAN_MTU>
            inet 192.168.50.1 netmask 0xfffffff0 broadcast 192.168.50.15
            inet6 fe80::202:b3ff:fe4c:9b31%fxp2 prefixlen 64 scopeid 0x3
            ether 00:02:b3:4c:9b:31
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
            options=8<VLAN_MTU>
            ether 00:10:a7:1d:33:d7
            media: Ethernet autoselect (10baseT/UTP)
            status: no carrier
    pfsync0: flags=41<UP,RUNNING> mtu 2020
            pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
    enc0: flags=0<> mtu 1536
    pflog0: flags=100<PROMISC> mtu 33208
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
    vlan0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
            inet6 fe80::202:b3ff:fe4c:b3de%vlan0 prefixlen 64 scopeid 0x9
            inet 192.168.120.1 netmask 0xffffffe0 broadcast 192.168.120.31
            ether 00:02:a5:02:bc:d5
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 7 parent interface: fxp1





  • Kinda resolved.
    After deactivating SIP on the CP IF, I added 224.0.0.1 to "allowed ip address" rules in the captive portal config. Now the ICMP router advertisement is no longer blocked by the CP.

    Cheers,
    Eskild
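
Added example, not part of the thread: a small triage script that counts routed's denied sends per interface and multicast group, so you can see at a glance whether RIPv2 (224.0.0.9, UDP 520) or the all-hosts group (224.0.0.1) is being blocked on an interface such as the captive portal one. The sample log is constructed from the lines quoted above and is assumed to be in chronological order, as in the raw syslog file, so that "last message repeated N times" can be attributed to the line before it.

```python
import re
from collections import Counter

# Link-local multicast groups that appear in the thread's log.
GROUPS = {"224.0.0.1": "all-hosts", "224.0.0.9": "RIPv2"}

# routed logs the destination as "addr" or "addr.port" (e.g. 224.0.0.9.520).
SEND_RE = re.compile(
    r"routed\[\d+\]: (?:Send mcast )?sendto\((?P<ifname>[^,]+), "
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)(?:\.(?P<port>\d+))?\): Permission denied\s*$")
REPEAT_RE = re.compile(r"last message repeated (\d+) times\s*$")

def count_denied(lines):
    """Count denied sends per (interface, group, port), folding in syslog
    'last message repeated N times' lines. Expects chronological order."""
    counts, last_key = Counter(), None
    for line in lines:
        m = SEND_RE.search(line)
        if m:
            port = int(m["port"]) if m["port"] else None
            last_key = (m["ifname"], m["addr"], port)
            counts[last_key] += 1
            continue
        r = REPEAT_RE.search(line)
        if r and last_key:
            counts[last_key] += int(r.group(1))
        else:
            last_key = None  # another message intervened; a repeat is not ours
    return counts

def report(counts):
    """One summary row per (interface, destination), sorted for stable output."""
    order = lambda kv: (kv[0][0], kv[0][1], kv[0][2] or 0)
    rows = []
    for (ifname, addr, port), n in sorted(counts.items(), key=order):
        dst = f"{addr}:{port}" if port else addr
        rows.append(f"{ifname} -> {dst} ({GROUPS.get(addr, 'unknown')}): {n} denied")
    return rows

# Constructed sample, chronological, modelled on the lines in the post.
SAMPLE = """\
Jan 26 19:05:57 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
Jan 26 19:05:57 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
Jan 26 19:05:59 routed[2089]: receiving our own change messages
Jan 26 19:06:08 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
Jan 26 19:06:15 routed[2089]: sendto(vlan0, 224.0.0.1): Permission denied
Jan 26 19:07:09 routed[2089]: Send mcast sendto(vlan0, 224.0.0.9.520): Permission denied
Jan 26 19:09:09 last message repeated 4 times
""".splitlines()

if __name__ == "__main__":
    print("\n".join(report(count_denied(SAMPLE))))
```
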

