Why is an interface not assigned to PMS getting traffic?

Why is an interface not assigned to PMS getting traffic?

Postby Schorschi » Wed Dec 14, 2011 7:37 am

Why is an interface not assigned to PMS getting traffic? I think this might be a bug? I have a CentOS box that is somewhat hardened. To be honest I am still validating the ip tables configuration, but right now it is locked down pretty tight. And, as such, I noticed the following in the log from ip tables service, over and over...

Dec 13 22:12:39 CentOS-x64 kernel: IP Table Rule OUTPUT Drop: IN= OUT=eth0 SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=29504 DF PROTO=TCP SPT=50001 DPT=52148 WINDOW=6432 RES=0x00 ACK URGP=0

The .71 address is the specific IP assigned to PMS, the .17 is the client (XBMC in this case), the port assgined to PMS is 50001 (not the default of 5001), and the assigned interface is eth1, not eth0. So, my hardened ip tables configuration is correctly blocking any 50001 targeted (PMS) traffic that appears on eth0. But why is any traffic happening on any interface other than the interface assigned to PMS? I should never see in the log, any dropped packets with port 50001, eth0, period, per my understanding based on the above configuration as defined. It appears, that PMS is sending traffic out every interface, given my CentOS has 2 NICs (eth0, and eth1). If this is true, ugly, that is a lot of junk traffic when PMS is doing any work, never mind being idle which in this case PMS was idle, no active trascoding or streaming. I suspect this might be the client discovery generated by PMS?

If I somehow am missing reading the above dropped packet logged results, please explain. I have been searching for any reason why my PMS playback to my TV (DLNA), Xbox360, etc. all have chop/stutter playback at even 720p, never mind 1080p, and I get random freezes 3 to 7 minutes into playing anything that is 720p or more. The 100mb NICs on the Xbox360 and DLNA enabled TV should not have any issues with 720p, unless there is a lot of junk traffic on the local network, and above could be some of this junk traffic, no?
