Koozali.org: home of the SME Server

Firewall is blocking calls out from SME right after boot

LANMonkey
Firewall is blocking calls out from SME right after boot
« on: January 17, 2009, 08:25:35 PM »
I start up my SME every morning about 6:00 AM and my firewall is detecting voluminous hits on my firewall log from SME trying to contact some IPs with a destination port indicating DNS, but calling from anything but a DNS port.

Here is the log:

SPT is the source port and DPT is the destination port.

firewall log
Date: 17 January

06:00:45  SRC=192.168.1.50 DST=193.0.14.129   SPT=4841 DPT=53
06:00:45  SRC=192.168.1.50 DST=198.41.0.4   SPT=1049 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.58.128.30   SPT=29630 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.33.4.12   SPT=59388 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.58.128.30   SPT=49792 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.112.36.4   SPT=38848 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.36.148.17   SPT=65157 DPT=53
06:00:45  SRC=192.168.1.50 DST=199.7.83.42   SPT=39301 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.36.148.17   SPT=51783 DPT=53
06:00:46  SRC=192.168.1.50 DST=192.58.128.30   SPT=62538 DPT=53
06:00:46  SRC=192.168.1.50 DST=192.112.36.4   SPT=7296 DPT=53
06:00:46  SRC=192.168.1.50 DST=192.5.5.241   SPT=16152 DPT=53
06:00:46  SRC=192.168.1.50 DST=192.228.79.201   SPT=40602 DPT=53
06:00:46  SRC=192.168.1.50 DST=193.0.14.129   SPT=6628 DPT=53
06:00:46  SRC=192.168.1.50 DST=128.8.10.90   SPT=27699 DPT=53
06:00:46  SRC=192.168.1.50 DST=198.41.0.4   SPT=12746 DPT=53
06:00:46  SRC=192.168.1.50 DST=202.12.27.33   SPT=32256 DPT=53
06:00:46  SRC=192.168.1.50 DST=193.0.14.129   SPT=41173 DPT=53
06:00:46  SRC=192.168.1.50 DST=128.8.10.90   SPT=53643 DPT=53
06:00:46  SRC=192.168.1.50 DST=192.36.148.17   SPT=47826 DPT=53
06:00:46  SRC=192.168.1.50 DST=192.203.230.10   SPT=24619 DPT=53
06:00:46  SRC=192.168.1.50 DST=202.12.27.33   SPT=41498 DPT=53
06:00:46  SRC=192.168.1.50 DST=199.7.83.42   SPT=21751 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.112.36.4   SPT=49160 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.36.148.17   SPT=27247 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.112.36.4   SPT=48828 DPT=53
06:00:47  SRC=192.168.1.50 DST=128.8.10.90   SPT=39360 DPT=53
06:00:47  SRC=192.168.1.50 DST=199.7.83.42   SPT=3769 DPT=53
06:00:47  SRC=192.168.1.50 DST=128.8.10.90   SPT=2448 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.112.36.4   SPT=36474 DPT=53
06:00:47  SRC=192.168.1.50 DST=198.41.0.4   SPT=61863 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.5.5.241   SPT=10705 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.228.79.201   SPT=39785 DPT=53
06:00:47  SRC=192.168.1.50 DST=193.0.14.129   SPT=56678 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.203.230.10   SPT=5784 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.203.230.10   SPT=53219 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.203.230.10   SPT=28037 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.5.5.241   SPT=50558 DPT=53
06:00:47  SRC=192.168.1.50 DST=128.8.10.90   SPT=35238 DPT=53
06:00:47  SRC=192.168.1.50 DST=193.0.14.129   SPT=49182 DPT=53
06:00:47  SRC=192.168.1.50 DST=192.36.148.17   SPT=18341 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.33.4.12   SPT=37508 DPT=53
06:00:48  SRC=192.168.1.50 DST=198.41.0.4   SPT=24231 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.203.230.10   SPT=59031 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.112.36.4   SPT=54885 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.5.5.241   SPT=49071 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.5.5.241   SPT=23143 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.228.79.201   SPT=21043 DPT=53
06:00:48  SRC=192.168.1.50 DST=128.63.2.53   SPT=47979 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.58.128.30   SPT=40678 DPT=53
06:00:48  SRC=192.168.1.50 DST=128.8.10.90   SPT=20164 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.228.79.201   SPT=38829 DPT=53
06:00:48  SRC=192.168.1.50 DST=193.0.14.129   SPT=5887 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.5.5.241   SPT=37937 DPT=53
06:00:48  SRC=192.168.1.50 DST=198.41.0.4   SPT=38212 DPT=53
06:00:48  SRC=192.168.1.50 DST=198.41.0.4   SPT=63206 DPT=53
06:00:48  SRC=192.168.1.50 DST=202.12.27.33   SPT=55397 DPT=53
06:00:48  SRC=192.168.1.50 DST=128.8.10.90   SPT=44344 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.5.5.241   SPT=38498 DPT=53
06:00:48  SRC=192.168.1.50 DST=128.63.2.53   SPT=36709 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.228.79.201   SPT=22061 DPT=53
06:00:48  SRC=192.168.1.50 DST=192.112.36.4   SPT=21714 DPT=53
06:00:48  SRC=192.168.1.50 DST=198.41.0.4   SPT=38685 DPT=53
06:00:49  SRC=192.168.1.50 DST=198.41.0.4   SPT=18093 DPT=53
06:00:49  SRC=192.168.1.50 DST=128.8.10.90   SPT=46666 DPT=53
06:00:49  SRC=192.168.1.50 DST=202.12.27.33   SPT=3035 DPT=53
06:00:49  SRC=192.168.1.50 DST=192.228.79.201   SPT=50500 DPT=53
06:00:49  SRC=192.168.1.50 DST=202.12.27.33   SPT=43375 DPT=53
06:00:49  SRC=192.168.1.50 DST=199.7.83.42   SPT=58485 DPT=53
06:00:49  SRC=192.168.1.50 DST=192.228.79.201   SPT=34472 DPT=53
06:00:49  SRC=192.168.1.50 DST=128.8.10.90   SPT=3857 DPT=53
06:00:49  SRC=192.168.1.50 DST=192.228.79.201   SPT=11953 DPT=53
06:00:49  SRC=192.168.1.50 DST=192.36.148.17   SPT=62821 DPT=53
06:00:49  SRC=192.168.1.50 DST=128.8.10.90   SPT=25617 DPT=53
06:00:49  SRC=192.168.1.50 DST=192.58.128.30   SPT=31489 DPT=53
06:00:50  SRC=192.168.1.50 DST=199.7.83.42   SPT=51758 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.112.36.4   SPT=30695 DPT=53
06:00:50  SRC=192.168.1.50 DST=128.63.2.53   SPT=33220 DPT=53
06:00:50  SRC=192.168.1.50 DST=199.7.83.42   SPT=6885 DPT=53
06:00:50  SRC=192.168.1.50 DST=193.0.14.129   SPT=1349 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.203.230.10   SPT=26540 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.5.5.241   SPT=51746 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.36.148.17   SPT=42948 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.228.79.201   SPT=55335 DPT=53
06:00:50  SRC=192.168.1.50 DST=199.7.83.42   SPT=61003 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.203.230.10   SPT=27758 DPT=53
06:00:50  SRC=192.168.1.50 DST=128.8.10.90   SPT=4686 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.112.36.4   SPT=27799 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.228.79.201   SPT=47219 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.228.79.201   SPT=22338 DPT=53
06:00:50  SRC=192.168.1.50 DST=192.228.79.201   SPT=32837 DPT=53
06:00:50  SRC=192.168.1.50 DST=202.12.27.33   SPT=24699 DPT=53
06:00:51  SRC=192.168.1.50 DST=199.7.83.42   SPT=5400 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.33.4.12   SPT=61641 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.112.36.4   SPT=48627 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.228.79.201   SPT=22278 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.203.230.10   SPT=32297 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.203.230.10   SPT=39347 DPT=53 
06:00:51  SRC=192.168.1.50 DST=192.58.128.30   SPT=59160 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.112.36.4   SPT=18248 DPT=53
06:00:51  SRC=192.168.1.50 DST=193.0.14.129   SPT=29053 DPT=53
06:00:51  SRC=192.168.1.50 DST=128.63.2.53   SPT=23555 DPT=53
06:00:51  SRC=192.168.1.50 DST=202.12.27.33   SPT=37246 DPT=53
06:00:51  SRC=192.168.1.50 DST=199.7.83.42   SPT=31985 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.58.128.30   SPT=20430 DPT=53
06:00:51  SRC=192.168.1.50 DST=192.36.148.17   SPT=18002 DPT=53
06:00:52  SRC=192.168.1.50 DST=192.112.36.4   SPT=46555 DPT=53
06:00:52  SRC=192.168.1.50 DST=198.41.0.4   SPT=33321 DPT=53
06:00:52  SRC=192.168.1.50 DST=192.228.79.201   SPT=45726 DPT=53
06:00:52  SRC=192.168.1.50 DST=192.36.148.17   SPT=6811 DPT=53
06:00:52  SRC=192.168.1.50 DST=199.7.83.42   SPT=13807 DPT=53
06:00:52  SRC=192.168.1.50 DST=128.63.2.53   SPT=55510 DPT=53
06:00:52  SRC=192.168.1.50 DST=192.228.79.201   SPT=27830 DPT=53
06:00:52  SRC=192.168.1.50 DST=193.0.14.129   SPT=19506 DPT=53
06:00:52  SRC=192.168.1.50 DST=192.58.128.30   SPT=20844 DPT=53
06:00:52  SRC=192.168.1.50 DST=192.36.148.17   SPT=31693 DPT=53
06:00:53  SRC=192.168.1.50 DST=199.7.83.42   SPT=46785 DPT=53
06:00:53  SRC=192.168.1.50 DST=128.63.2.53   SPT=49488 DPT=53
06:00:53  SRC=192.168.1.50 DST=128.8.10.90   SPT=62935 DPT=53
06:00:53  SRC=192.168.1.50 DST=192.58.128.30   SPT=8769 DPT=53
06:00:53  SRC=192.168.1.50 DST=192.5.5.241   SPT=19689 DPT=53
06:00:53  SRC=192.168.1.50 DST=128.63.2.53   SPT=18285 DPT=53
06:00:53  SRC=192.168.1.50 DST=199.7.83.42   SPT=22997 DPT=53
06:00:53  SRC=192.168.1.50 DST=202.12.27.33   SPT=61972 DPT=53
06:00:53  SRC=192.168.1.50 DST=192.33.4.12   SPT=23651 DPT=53
06:00:53  SRC=192.168.1.50 DST=128.63.2.53   SPT=33819 DPT=53
06:00:53  SRC=192.168.1.50 DST=198.41.0.4   SPT=5852 DPT=53
06:00:53  SRC=192.168.1.50 DST=193.0.14.129   SPT=9720 DPT=53
06:00:53  SRC=192.168.1.50 DST=199.7.83.42   SPT=45944 DPT=53
06:00:54  SRC=192.168.1.50 DST=199.7.83.42   SPT=62623 DPT=53
06:00:54  SRC=192.168.1.50 DST=198.41.0.4   SPT=30344 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.58.128.30   SPT=25349 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.228.79.201   SPT=34951 DPT=53
06:00:54  SRC=192.168.1.50 DST=128.63.2.53   SPT=62061 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.228.79.201   SPT=49850 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.36.148.17   SPT=32196 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.228.79.201   SPT=53303 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.33.4.12   SPT=54871 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.203.230.10   SPT=60053 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.203.230.10   SPT=42931 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.5.5.241   SPT=7059 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.203.230.10   SPT=57563 DPT=53
06:00:54  SRC=192.168.1.50 DST=193.0.14.129   SPT=20980 DPT=53
06:00:54  SRC=192.168.1.50 DST=192.33.4.12   SPT=14150 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.33.4.12   SPT=22077 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.203.230.10   SPT=23110 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.58.128.30   SPT=7525 DPT=53
06:00:55  SRC=192.168.1.50 DST=128.63.2.53   SPT=31766 DPT=53
06:00:55  SRC=192.168.1.50 DST=193.0.14.129   SPT=37629 DPT=53
06:00:55  SRC=192.168.1.50 DST=202.12.27.33   SPT=24424 DPT=53
06:00:55  SRC=192.168.1.50 DST=198.41.0.4   SPT=60667 DPT=53
06:00:55  SRC=192.168.1.50 DST=128.63.2.53   SPT=45242 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.58.128.30   SPT=15477 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.33.4.12   SPT=7452 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.112.36.4   SPT=5871 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.36.148.17   SPT=62655 DPT=53
06:00:55  SRC=192.168.1.50 DST=192.5.5.241   SPT=14896 DPT=53
06:00:55  SRC=192.168.1.50 DST=128.8.10.90   SPT=52697 DPT=53
06:00:56  SRC=192.168.1.50 DST=192.5.5.241   SPT=38819 DPT=53
06:00:56  SRC=192.168.1.50 DST=128.63.2.53   SPT=17024 DPT=53
06:00:56  SRC=192.168.1.50 DST=192.112.36.4   SPT=5973 DPT=53
06:00:56  SRC=192.168.1.50 DST=192.36.148.17   SPT=64759 DPT=53
06:00:56  SRC=192.168.1.50 DST=192.33.4.12   SPT=20435 DPT=53
06:00:56  SRC=192.168.1.50 DST=193.0.14.129   SPT=35310 DPT=53
06:00:56  SRC=192.168.1.50 DST=192.228.79.201   SPT=32227 DPT=53
06:00:56  SRC=192.168.1.50 DST=192.5.5.241   SPT=22593 DPT=53
06:00:56  SRC=192.168.1.50 DST=193.0.14.129   SPT=16386 DPT=53
06:00:56  SRC=192.168.1.50 DST=192.112.36.4   SPT=47157 DPT=53
06:00:57  SRC=192.168.1.50 DST=128.63.2.53   SPT=42290 DPT=53
06:00:57  SRC=192.168.1.50 DST=192.5.5.241   SPT=32848 DPT=53
06:00:57  SRC=192.168.1.50 DST=192.112.36.4   SPT=48228 DPT=53
06:00:57  SRC=192.168.1.50 DST=192.33.4.12   SPT=48617 DPT=53
06:00:57  SRC=192.168.1.50 DST=202.12.27.33   SPT=37592 DPT=53
06:00:58  SRC=192.168.1.50 DST=192.5.5.241   SPT=65459 DPT=53
06:00:58  SRC=192.168.1.50 DST=128.63.2.53   SPT=2258 DPT=53
06:00:58  SRC=192.168.1.50 DST=193.0.14.129   SPT=10259 DPT=53
06:00:58  SRC=192.168.1.50 DST=192.36.148.17   SPT=56897 DPT=53
06:00:58  SRC=192.168.1.50 DST=192.33.4.12   SPT=44779 DPT=53
06:00:59  SRC=192.168.1.50 DST=128.8.10.90   SPT=23039 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.203.230.10   SPT=49569 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.33.4.12   SPT=15609 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.228.79.201   SPT=6135 DPT=53
06:00:59  SRC=192.168.1.50 DST=193.0.14.129   SPT=13349 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.36.148.17   SPT=34829 DPT=53
06:00:59  SRC=192.168.1.50 DST=128.63.2.53   SPT=36160 DPT=53
06:00:59  SRC=192.168.1.50 DST=198.41.0.4   SPT=36320 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.36.148.17   SPT=21917 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.5.5.241   SPT=31052 DPT=53
06:00:59  SRC=192.168.1.50 DST=128.63.2.53   SPT=10847 DPT=53
06:00:59  SRC=192.168.1.50 DST=202.12.27.33   SPT=8322 DPT=53
06:00:59  SRC=192.168.1.50 DST=198.41.0.4   SPT=53666 DPT=53
06:00:59  SRC=192.168.1.50 DST=198.41.0.4   SPT=47968 DPT=53
06:00:59  SRC=192.168.1.50 DST=199.7.83.42   SPT=42345 DPT=53
06:00:59  SRC=192.168.1.50 DST=193.0.14.129   SPT=5181 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.58.128.30   SPT=62363 DPT=53
06:00:59  SRC=192.168.1.50 DST=198.41.0.4   SPT=43766 DPT=53
06:00:59  SRC=192.168.1.50 DST=128.63.2.53   SPT=41303 DPT=53
06:00:59  SRC=192.168.1.50 DST=202.12.27.33   SPT=14575 DPT=53
06:00:59  SRC=192.168.1.50 DST=192.5.5.241   SPT=51496 DPT=53
06:01:00  SRC=192.168.1.50 DST=192.203.230.10   SPT=41155 DPT=53
06:01:00  SRC=192.168.1.50 DST=192.33.4.12   SPT=57072 DPT=53
06:01:00  SRC=192.168.1.50 DST=192.36.148.17   SPT=7387 DPT=53
06:01:00  SRC=192.168.1.50 DST=192.228.79.201   SPT=2487 DPT=53
06:01:00  SRC=192.168.1.50 DST=192.5.5.241   SPT=41810 DPT=53
06:01:00  SRC=192.168.1.50 DST=128.63.2.53   SPT=31148 DPT=53
06:01:00  SRC=192.168.1.50 DST=199.7.83.42   SPT=65263 DPT=53
06:01:00  SRC=192.168.1.50 DST=193.0.14.129   SPT=24920 DPT=53
06:01:00  SRC=192.168.1.50 DST=192.228.79.201   SPT=24590 DPT=53
06:01:00  SRC=192.168.1.50 DST=198.41.0.4   SPT=44655 DPT=53
06:01:01  SRC=192.168.1.50 DST=192.203.230.10   SPT=58675 DPT=53
06:01:01  SRC=192.168.1.50 DST=198.41.0.4   SPT=42915 DPT=53
06:01:01  SRC=192.168.1.50 DST=192.58.128.30   SPT=57373 DPT=53
06:01:02  SRC=192.168.1.50 DST=192.228.79.201   SPT=1414 DPT=53
06:01:03  SRC=192.168.1.50 DST=192.5.5.241   SPT=6129 DPT=53
06:01:03  SRC=192.168.1.50 DST=198.41.0.4   SPT=64186 DPT=53
06:01:03  SRC=192.168.1.50 DST=192.33.4.12   SPT=19833 DPT=53
06:01:03  SRC=192.168.1.50 DST=192.5.5.241   SPT=12544 DPT=53
06:01:03  SRC=192.168.1.50 DST=128.63.2.53   SPT=62218 DPT=53
06:01:03  SRC=192.168.1.50 DST=192.5.5.241   SPT=12376 DPT=53
06:01:03  SRC=192.168.1.50 DST=128.8.10.90   SPT=49535 DPT=53
06:01:04  SRC=192.168.1.50 DST=192.36.148.17   SPT=15650 DPT=53
06:01:04  SRC=192.168.1.50 DST=199.7.83.42   SPT=12636 DPT=53
06:01:04  SRC=192.168.1.50 DST=128.63.2.53   SPT=26987 DPT=53
06:01:04  SRC=192.168.1.50 DST=128.8.10.90   SPT=57164 DPT=53
06:01:04  SRC=192.168.1.50 DST=202.12.27.33   SPT=25594 DPT=53
06:01:04  SRC=192.168.1.50 DST=192.112.36.4   SPT=10318 DPT=53
06:01:04  SRC=192.168.1.50 DST=192.58.128.30   SPT=5776 DPT=53
06:01:04  SRC=192.168.1.50 DST=199.7.83.42   SPT=12098 DPT=53
06:01:04  SRC=192.168.1.50 DST=128.8.10.90   SPT=60414 DPT=53
06:01:04  SRC=192.168.1.50 DST=192.58.128.30   SPT=59531 DPT=53
06:01:05  SRC=192.168.1.50 DST=198.41.0.4   SPT=56295 DPT=53
06:01:05  SRC=192.168.1.50 DST=199.7.83.42   SPT=21073 DPT=53
06:01:05  SRC=192.168.1.50 DST=202.12.27.33   SPT=43278 DPT=53
06:01:05  SRC=192.168.1.50 DST=198.41.0.4   SPT=10912 DPT=53
06:01:05  SRC=192.168.1.50 DST=192.112.36.4   SPT=41053 DPT=53
06:01:05  SRC=192.168.1.50 DST=192.58.128.30   SPT=28320 DPT=53
06:01:06  SRC=192.168.1.50 DST=199.7.83.42   SPT=56491 DPT=53
06:01:06  SRC=192.168.1.50 DST=192.58.128.30   SPT=11937 DPT=53
06:01:06  SRC=192.168.1.50 DST=192.112.36.4   SPT=31924 DPT=53
06:01:06  SRC=192.168.1.50 DST=202.12.27.33   SPT=23757 DPT=53
06:01:06  SRC=192.168.1.50 DST=192.33.4.12   SPT=22851 DPT=53
06:01:06  SRC=192.168.1.50 DST=192.33.4.12   SPT=38473 DPT=53
06:01:07  SRC=192.168.1.50 DST=193.0.14.129   SPT=51376 DPT=53
06:01:07  SRC=192.168.1.50 DST=192.228.79.201   SPT=63685 DPT=53
06:01:07  SRC=192.168.1.50 DST=192.58.128.30   SPT=35369 DPT=53
06:01:07  SRC=192.168.1.50 DST=128.8.10.90   SPT=34442 DPT=53
06:01:08  SRC=192.168.1.50 DST=128.8.10.90   SPT=24385 DPT=53
06:01:08  SRC=192.168.1.50 DST=128.63.2.53   SPT=1230 DPT=53
06:01:08  SRC=192.168.1.50 DST=202.12.27.33   SPT=56606 DPT=53
06:01:08  SRC=192.168.1.50 DST=192.58.128.30   SPT=62848 DPT=53
06:01:08  SRC=192.168.1.50 DST=192.36.148.17   SPT=17402 DPT=53
06:01:08  SRC=192.168.1.50 DST=199.7.83.42   SPT=50080 DPT=53
06:01:08  SRC=192.168.1.50 DST=202.12.27.33   SPT=33339 DPT=53
06:01:08  SRC=192.168.1.50 DST=192.33.4.12   SPT=2118 DPT=53
06:01:08  SRC=192.168.1.50 DST=192.33.4.12   SPT=14643 DPT=53
06:01:15  SRC=192.168.1.50 DST=128.63.2.53   SPT=52722 DPT=53
06:01:19  SRC=192.168.1.50 DST=192.228.79.201   SPT=23092 DPT=53
06:01:19  SRC=192.168.1.50 DST=192.203.230.10   SPT=21380 DPT=53
06:01:19  SRC=192.168.1.50 DST=192.36.148.17   SPT=3153 DPT=53
06:01:19  SRC=192.168.1.50 DST=192.58.128.30   SPT=61729 DPT=53
06:01:19  SRC=192.168.1.50 DST=192.58.128.30   SPT=55752 DPT=53
06:01:19  SRC=192.168.1.50 DST=192.36.148.17   SPT=57145 DPT=53
06:01:19  SRC=192.168.1.50 DST=128.8.10.90   SPT=19637 DPT=53
06:01:20  SRC=192.168.1.50 DST=192.58.128.30   SPT=63734 DPT=53
06:01:20  SRC=192.168.1.50 DST=192.112.36.4   SPT=27109 DPT=53
06:01:20  SRC=192.168.1.50 DST=192.203.230.10   SPT=8454 DPT=53
06:01:20  SRC=192.168.1.50 DST=198.41.0.4   SPT=22711 DPT=53
06:01:20  SRC=192.168.1.50 DST=192.203.230.10   SPT=7018 DPT=53
06:01:21  SRC=192.168.1.50 DST=128.8.10.90   SPT=32289 DPT=53
06:01:21  SRC=192.168.1.50 DST=192.203.230.10   SPT=5831 DPT=53
06:01:21  SRC=192.168.1.50 DST=199.7.83.42   SPT=32516 DPT=53
06:01:22  SRC=192.168.1.50 DST=128.8.10.90   SPT=1451 DPT=53
06:01:22  SRC=192.168.1.50 DST=199.7.83.42   SPT=42080 DPT=53
06:01:23  SRC=192.168.1.50 DST=128.63.2.53   SPT=63390 DPT=53
06:01:23  SRC=192.168.1.50 DST=192.203.230.10   SPT=24114 DPT=53
06:01:24  SRC=192.168.1.50 DST=192.33.4.12   SPT=8596 DPT=53
06:01:24  SRC=192.168.1.50 DST=202.12.27.33   SPT=12546 DPT=53
06:01:24  SRC=192.168.1.50 DST=128.8.10.90   SPT=14883 DPT=53
06:01:24  SRC=192.168.1.50 DST=192.228.79.201   SPT=35858 DPT=53
06:01:24  SRC=192.168.1.50 DST=192.33.4.12   SPT=52536 DPT=53
06:01:24  SRC=192.168.1.50 DST=192.58.128.30   SPT=64308 DPT=53
06:01:25  SRC=192.168.1.50 DST=193.0.14.129   SPT=44012 DPT=53
06:01:25  SRC=192.168.1.50 DST=128.8.10.90   SPT=5653 DPT=53
06:01:25  SRC=192.168.1.50 DST=128.8.10.90   SPT=15318 DPT=53
06:01:25  SRC=192.168.1.50 DST=192.58.128.30   SPT=55710 DPT=53

I don't get any hits the rest of the day, but I sure wish I knew what was going on here.  Any tips or clues would be appreciated.


Stefano
Re: Firewall is blocking calls out from SME right after boot
« Reply #1 on: January 17, 2009, 09:08:50 PM »
Hi,

Don't worry about it. It's normal traffic. As you've pointed out, it's DNS traffic: it's your SME that is making DNS requests.

Configure your firewall not to block outgoing traffic directed to *.*.*.*:53 UDP coming from SME.

Ciao
Stefano
« Last Edit: January 17, 2009, 09:10:31 PM by Stefano a.k.a. nenonano »

LANMonkey
Re: Firewall is blocking calls out from SME right after boot
« Reply #2 on: January 17, 2009, 11:52:40 PM »
That sounds reasonable. 

Just out of curiosity, why is SME making all of those inquiries and why all the different ports?  Some of them are to the same IP and port, but from a different port.  Why is that?

CharlieBrady
Re: Firewall is blocking calls out from SME right after boot
« Reply #3 on: January 18, 2009, 12:00:52 AM »
Quote
That sounds reasonable. Just out of curiosity, why is SME making all of those inquiries and why all the different ports?  Some of them are to the same IP and port, but from a different port.  Why is that?

dnscache is contacting the root name servers as the first step in resolving a DNS query.

Randomisation of the source port is a necessary security feature.

Google for "DNS random source port" and you will find out what happens if the resolver does not use a random port number.
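The reply above makes two checkable claims about the logged traffic: the destinations are root name servers, and the source ports are randomised. The following triage script is an added example, not part of the original thread. It assumes the log line layout shown in the first post; the first four sample lines are copied from that log and the last two are constructed to show what would still need review.

```python
import re
from collections import Counter

# Root name server IPv4 addresses as they appear in the log in this thread
# (2009-era addresses; several roots have since been renumbered).
ROOT_SERVERS = {
    "198.41.0.4": "a", "192.228.79.201": "b", "192.33.4.12": "c",
    "128.8.10.90": "d", "192.203.230.10": "e", "192.5.5.241": "f",
    "192.112.36.4": "g", "128.63.2.53": "h", "192.36.148.17": "i",
    "192.58.128.30": "j", "193.0.14.129": "k", "199.7.83.42": "l",
    "202.12.27.33": "m",
}

# Matches lines such as: 06:00:45  SRC=192.168.1.50 DST=198.41.0.4   SPT=1049 DPT=53
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r"\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)\s*$"
)

# First four lines are from the thread's log; the last two are constructed
# (documentation-range addresses) to exercise the "needs review" path.
SAMPLE_LOG = """\
06:00:45  SRC=192.168.1.50 DST=193.0.14.129   SPT=4841 DPT=53
06:00:45  SRC=192.168.1.50 DST=198.41.0.4   SPT=1049 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.58.128.30   SPT=29630 DPT=53
06:00:45  SRC=192.168.1.50 DST=192.58.128.30   SPT=49792 DPT=53
06:02:10  SRC=192.168.1.50 DST=203.0.113.7   SPT=40112 DPT=53
06:02:11  SRC=192.168.1.50 DST=198.51.100.20   SPT=40113 DPT=80
"""


def parse(lines):
    """Yield one dict per well-formed log line; headers and blanks are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["spt"], entry["dpt"] = int(entry["spt"]), int(entry["dpt"])
            yield entry


def triage(lines):
    """Separate resolver-to-root DNS traffic from everything else."""
    root_dns, needs_review = [], []
    for entry in parse(lines):
        if entry["dpt"] == 53 and entry["dst"] in ROOT_SERVERS:
            root_dns.append(entry)
        else:
            needs_review.append(entry)
    ports = [e["spt"] for e in root_dns]
    return {
        "root_dns": len(root_dns),
        # Queries per root server letter; a resolver spreads these around.
        "per_server": dict(Counter(ROOT_SERVERS[e["dst"]] for e in root_dns)),
        # With source-port randomisation, nearly every query has its own port.
        "distinct_source_ports": len(set(ports)),
        "port_range": (min(ports), max(ports)) if ports else None,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the full log, a `needs_review` list that stays empty and a `distinct_source_ports` count close to `root_dns` are what a randomising resolver talking only to the roots looks like.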

LANMonkey
Re: Firewall is blocking calls out from SME right after boot
« Reply #4 on: March 03, 2009, 10:38:25 PM »
Once again I am getting voluminous hits against the firewall from SME, but this time instead of DNS port 53 being the target, the target is port 80 for HTTP.  What's going on here?  Should I allow this too?

CharlieBrady
Re: Firewall is blocking calls out from SME right after boot
« Reply #5 on: March 03, 2009, 11:19:35 PM »
Quote
Once again I am getting voluminous hits against the firewall from SME, but this time instead of DNS port 53 being the target, the target is port 80 for HTTP.  What's going on here?  Should I allow this too?

Get rid of your firewall. SME server doesn't need a firewall between it and the Internet.

LANMonkey
Re: Firewall is blocking calls out from SME right after boot
« Reply #6 on: March 03, 2009, 11:26:17 PM »
Quote
Get rid of your firewall. SME server doesn't need a firewall between it and the Internet.

That's a pretty dramatic claim.  Could you explain that?  It would also help if you could explain why SME wants to access HTTP pages on its own.

CharlieBrady
Re: Firewall is blocking calls out from SME right after boot
« Reply #7 on: March 03, 2009, 11:35:49 PM »
Quote
That's a pretty dramatic claim.  Could you explain that?

SME server is designed to sit right on the Internet. Many, many thousands of servers are so situated.

Quote
It would also help if you could explain why SME wants to access HTTP pages on its own.

yum and clamav updates.

LANMonkey
Re: Firewall is blocking calls out from SME right after boot
« Reply #8 on: March 04, 2009, 01:22:49 AM »
I suppose that's right.  You can configure SME to be a firewall itself.  I am in server only mode.

I am running another Linux distro as my router, called Smoothwall Express.  I wonder if I can make SME run like Smoothwall and especially with the multiple LAN ports isolating a "DMZ" zone.

cactus
Re: Firewall is blocking calls out from SME right after boot
« Reply #9 on: March 05, 2009, 05:18:57 PM »
Quote
I am running another Linux distro as my router, called Smoothwall Express.  I wonder if I can make SME run like Smoothwall and especially with the multiple LAN ports isolating a "DMZ" zone.

No.