Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

kernel: wrong ip[0],not_list[0]

Hello everybody,

My RV325 contains 4 VLAN, each one with a DHCP server, and most of the clients with a reserved IP.

What does mean these log issues?

It seems that I have many of them when I set up my RV325 dual wan mode on "Load balance (auto mode)": it seems also, but I'm not sure, that when I have these log traces, I cannot connect on the internet.

Kind regards

David

Everyone's tags (1)
6 REPLIES
New Member

It can become a nightmare

It can become a nightmare somedays!

Silver

Hello,Please update to the

Hello,

Please update to the latest 1.1.1.19 firmware:  https://software.cisco.com/download/release.html?mdfid=284005929&flowid=43302&softwareid=282465789&release=1.1.1.19&relind=AVAILABLE&rellifecycle=&reltype=latest

Hopefully this new f/w will resolve your issue that you are experiencing.

Thanks,
Cindy

 

 

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!
New Member

That did not seem to fix the

That did not seem to fix the problem.

It appears to be related to making changes to the router.

Jan  8 09:42:11 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:42:12 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:42:29 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:42:30 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:42:52 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:42:53 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:43:10 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:43:11 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:43:35 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:43:36 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:43:55 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:43:57 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:44:13 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:44:14 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:44:29 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:44:30 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:44:45 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:44:46 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:44:58 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:44:59 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:45:15 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:45:16 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:45:29 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:45:30 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:45:42 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:45:43 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:45:56 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:45:57 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:46:11 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:46:13 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:46:27 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:46:29 2015 cisco kernel: wrong ip[0],not_list[0]

 

Jan  8 09:46:45 2015 cisco User Log: edit_access_rules.htm is changed.

 

Jan  8 09:46:46 2015 cisco kernel: wrong ip[0],not_list[0]

 

New Member

I found that blocking Class B

I found that blocking Class B networks where "Changer Servers" doing port scans can help to stop the disruption of services to an extent.

Here is a group that claims to be fighting the "hackers" doing the port scans.

https://www.shadowserver.org/wiki/pmwiki.php 

I track them down to an Network Provider that give me their information.   China is the worst with Eastern Europe following a close second.   Would be nice if we could just shut down all these changer servers, I was amazed at how many of them out there with the US leading the pack.

 

New Member

I followed robert's advice

I followed robert's advice added firewall rule to block all source ip's from 172.16.0.0 - 172.31.255.255

upgraded firmware.....

Still see the same error....  

2016-03-31, 22:16:38 User Log edit_access_rules.htm is changed.
2016-03-31, 22:16:38 Kernel kernel: wrong ip[0],not_list[0]

Im in agreement with roberts second... the error seems to  show up after every change made by the user...  
relatively rediculous that cisco hasn't caught and fixed this one...  

this is affecting a brand new RV320 btw...

2016-06-29, 12:12:53

2016-06-29, 12:12:53

User Log adv_forwarding.htm is changed.
2016-06-29, 12:12:54 Kernel kernel: wrong ip[0],not_list[0]
2016-06-29, 12:13:00 ALLOW TCP 155.133.82.77:53089 -> 24.97.220.202:5905 on eth1
2016-06-29, 12:13:00 BLOCK TCP 155.133.82.77:53089 -> 192.168.123.108:5905 on eth1
2016-06-29, 12:13:02 ALLOW TCP 155.133.82.77:53489 -> 24.97.220.202:5904 on eth1
2016-06-29, 12:13:02 BLOCK TCP 155.133.82.77:53489 -> 192.168.123.104:5904 on eth1
2016-06-29, 12:13:03 ALLOW TCP 155.133.82.77:53089 -> 24.97.220.202:5905 on eth1
2016-06-29, 12:13:03 BLOCK TCP 155.133.82.77:53089 -> 192.168.123.108:5905 on eth1

My issue is similar, while experiencing brute-force attacks from (china,poland,etc..) my email is full of

logs from my cisco rv325.

Firewall rules related to this issue:

Deny All Traffic [1] * 155.133.82.0 ~ 155.133.82.255 24.97.220.202 ~ 24.97.220.202 Always
Deny All Traffic [1] * 155.133.82.0 ~ 155.133.82.255 Any Always

Port forwarding related to this issue:

VNC4[TCP/5904~5904] 192.168.123.104 Enabled
VNC5[TCP/5905~5905] 192.168.123.108 Enabled
VNC0[TCP/5900~5900] 192.168.123.130 Disabled
VNC3[TCP/5903~5903] 192.168.123.106 Enabled
VNCJ3[TCP/5803~5803] 192.168.123.106 Enabled

Even with logging disabled I still have logs of the port forwarding from the public ip to private ip.

Funny how I get an ALLOW log entry even when the firewall is denying access.

Maybe the forwarding is somehow bypassing firewall rules? Is this the correct way to handle it?

I am running the latest firmware. There is a bug here somewhere please fix it or provide a workaround.

759
Views
0
Helpful
6
Replies