From: Ramasubramanian Ramesh on
Hi:

My syslog and console window are repeatedly printing the following
message from my firewall setup. I cannot figure out which program or
service is printing this message. My first preference is to modify the
source behavior. The second choice is to stop printing the message.
I guess I could edit the firewall script. But I would like to get some expert
feedback before I proceed this way.

Thanks
Ramesh


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4C522072.2070303(a)ti.com
From: Ramasubramanian Ramesh on
It would have helped if I had actually included the message :-) Here it is:

[2709614.616138] IN=eth1 OUT=
MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.1
DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 PROTO=ICMP
TYPE=8 CODE=0 ID=60352 SEQ=0

192.168.1.47 is my firewall connected to the DSL modem/router (which I
think must be 192.168.1.1)

Ramesh


Ramasubramanian Ramesh wrote:
> Hi:
>
> My syslog and console window are repeatedly printing the following
> message from my firewall setup. I cannot figure out which program or
> service is printing this message. My first preference is to modify the
> source behavior. The second choice is to stop printing the message.
> I guess I could edit the firewall script. But I would like to get some
> expert feedback before I proceed this way.
>
> Thanks
> Ramesh


From: Mart Frauenlob on
On 30.07.2010 02:49, Ramasubramanian Ramesh wrote:
> It would have helped if I had actually included the message :-) Here it is:
>
> [2709614.616138] IN=eth1 OUT=
> MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.1
> DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 PROTO=ICMP
> TYPE=8 CODE=0 ID=60352 SEQ=0
>
> 192.168.1.47 is my firewall connected to the DSL modem/router (which I
> think must be 192.168.1.1)
>
> Ramesh
>
>
> Ramasubramanian Ramesh wrote:
>> Hi:
>>
>> My syslog and console window are repeatedly printing the following
>> message from my firewall setup. I cannot figure out which program or
>> service is printing this message. My first preference is to modify the
>> source behavior. The second choice is to stop printing the message.
>> I guess I could edit the firewall script. But I would like to get some
>> expert feedback before I proceed this way.
>>
>> Thanks
>> Ramesh
>
>
top posting - iihh ugly ;-p

well, it's the netfilter code from the kernel instructed by an iptables
rule, that spits out that message.
most likely this is a message informing you about a blocked packet.
the question is: who/what set this iptables rule to tell the kernel to
discard such packets?

my crystal ball is currently somehow foggy, so I can't tell.
maybe you know what firewall frontend you are using?

what to do?
well - to prohibit logging of those packets in the short term a rule
like this may do the job:
iptables -I INPUT -i eth1 -s 192.168.1.1 -p icmp --icmp-type 8 -j DROP

for the long term:
learn how to configure your firewall frontend or iptables.

but it's your modem/router, right?
so it might just check if you're online. so it could be a 'good packet',
which you might want to accept. - same thing as above just with the
ACCEPT target.


best regards

Mart


From: Ramasubramanian Ramesh on
>
> top posting - iihh ugly ;-p
>
>
> well, it's the netfilter code from the kernel instructed by an
> iptables rule, that spits out that message.
> most likely this is a message informing you about a blocked packet.
>
> the question is: who/what set this iptables rule to tell the kernel to
> discard such packets?
> my crystal ball is currently somehow foggy, so I can't tell.
> maybe you know what firewall frontend you are using?
>
> what to do?
>
> well - to prohibit logging of those packets in the short term a rule
> like this may do the job:
> iptables -I INPUT -i eth1 -s 192.168.1.1 -p icmp --icmp-type 8 -j DROP
>
> for the long term:
> learn how to configure your firewall frontend or iptables.
>
> but it's your modem/router, right?
>
> so it might just check if you're online. so it could be a 'good packet',
> which you might want to accept. - same thing as above just with the
> ACCEPT target.
> best regards
>
> Mart
>
>
My mail tool sometimes refuses to bottom post, especially when I reply
to myself. I have to jump through hoops and sometimes it is easier to
submit to its demands :-)

Agreed. I set up the tables to drop and log messages whenever an
unsolicited message comes from outside. But I did not think
I set up the router to send periodic pings. I guess the Verizon router
(yes, it is mine because Verizon gave it to me free) does that because
it is Windows-centric and it likes to be user friendly by inquiring "are
you there? I greet you, etc."

It may be a good packet or it may be a bad packet. I still do not want
to look at unsolicited packets. I am worried that someone from outside
can spoof as my router. I will just drop this specific packet without
logging it.

Specifically, what does icmp_type = 8 mean?

Ramesh





From: R. Ramesh on
Ramasubramanian Ramesh wrote:
>>
>> top posting - iihh ugly ;-p
>>
>> well, it's the netfilter code from the kernel instructed by an
>> iptables rule, that spits out that message.
>> most likely this is a message informing you about a blocked packet.
>> the question is: who/what set this iptables rule to tell the kernel
>> to discard such packets?
>> my crystal ball is currently somehow foggy, so I can't tell.
>> maybe you know what firewall frontend you are using?
>>
>> what to do?
>> well - to prohibit logging of those packets in the short term a
>> rule like this may do the job:
>> iptables -I INPUT -i eth1 -s 192.168.1.1 -p icmp --icmp-type 8 -j DROP
>>
>> for the long term:
>> learn how to configure your firewall frontend or iptables.
>>
>> but it's your modem/router, right?
>> so it might just check if you're online. so it could be a 'good
>> packet', which you might want to accept. - same thing as above just
>> with the ACCEPT target.
>> best regards
>>
>> Mart
>>
>>
> My mail tool sometimes refuses to bottom post, especially when I
> reply to myself. I have to jump through hoops and sometimes it is
> easier to submit to its demands :-)
>
> Agreed. I set up the tables to drop and log messages whenever an
> unsolicited message comes from outside. But I did not think
> I set up the router to send periodic pings. I guess the Verizon router
> (yes, it is mine because Verizon gave it to me free) does that because
> it is Windows-centric and it likes to be user friendly by inquiring
> "are you there? I greet you, etc."
>
> It may be a good packet or it may be a bad packet. I still do not want
> to look at unsolicited packets. I am worried that someone from
> outside can spoof as my router. I will just drop this specific packet
> without logging it.
>
> Specifically, what does icmp_type = 8 mean?
>
> Ramesh
>
>
>
>
>
My bad, I googled icmp_type 8. It seems harmless and required to be
implemented. So I am going to accept.
After filtering out this one, I notice another one coming from my own
firewall and need to figure out who is sending it.

[2731831.967429] IN=eth1 OUT= MAC= SRC=192.168.1.47 DST=192.168.1.255
LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213

I think this is from my nmbd on the outgoing port. I am going to
investigate the interfaces option in smb.conf. Please tell me if I am on the
wrong path.

Ramesh
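
Added example, not part of the original thread or any poster's code: a small Python parser for the two netfilter LOG lines quoted above. It splits the MAC= field into destination MAC, source MAC and EtherType, names the ICMP type and UDP port, and flags packets whose source is the firewall's own address. The function names and the local_ip parameter are assumptions made for this illustration.

```python
# Constructed sample: the two kernel log lines quoted in this thread,
# each joined back onto a single line.
SAMPLE = [
    "[2709614.616138] IN=eth1 OUT= MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 "
    "SRC=192.168.1.1 DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=60352 SEQ=0",
    "[2731831.967429] IN=eth1 OUT= MAC= SRC=192.168.1.47 DST=192.168.1.255 LEN=233 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213",
]

ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
UDP_PORTS = {137: "netbios-ns", 138: "netbios-dgm"}  # both served by Samba's nmbd


def parse_log_line(line):
    """Turn one netfilter LOG line into a dict of its KEY=value fields."""
    fields, flags = {}, []
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep and key.isupper():
            # ID= and LEN= appear twice; the first is the IP header's value.
            fields.setdefault(key, value)
        elif token in ("DF", "MF", "CE"):
            flags.append(token)          # bare IP header flags
    fields["FLAGS"] = flags
    return fields


def describe(line, local_ip):
    """Summarise a logged packet; local_ip (assumed known) is the firewall's address."""
    f = parse_log_line(line)
    info = {"in": f.get("IN"), "src": f.get("SRC"),
            "dst": f.get("DST"), "proto": f.get("PROTO")}
    mac = f.get("MAC", "").split(":")
    if len(mac) == 14:                   # destination MAC, source MAC, EtherType
        info["dst_mac"] = ":".join(mac[:6])
        info["src_mac"] = ":".join(mac[6:12])
        info["ethertype"] = "".join(mac[12:])
    if info["proto"] == "ICMP":
        info["what"] = ICMP_TYPES.get(int(f["TYPE"]), "icmp-type-" + f["TYPE"])
    elif info["proto"] == "UDP":
        info["what"] = UDP_PORTS.get(int(f["DPT"]), "udp-port-" + f["DPT"])
    info["from_self"] = info["src"] == local_ip
    return info


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(describe(sample_line, local_ip="192.168.1.47"))
```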

