My personal system is connected to the Internet via an ADSL router which
doesn't give me any information about what doesn't get through. 

However I recently helped a friend setup a Debian box to act as firewall/router
between his cable modem and local LAN, which has given me access to a lot
more detail...

The system is a Debian Etch 40r3 netinstall with Shorewall used to configure
an iptables firewall/router. The hardware has two ethernet interfaces, eth0
connects to the cable modem, eth1 connects to the local lan..

The problem I am having is that the messages from the firewall really
flood /var/log/messages to the point where I am concerned they may cause
me to miss other important things.

My rules file is setup with:
ACCEPT  net             fw              tcp     22
ACCEPT  net             fw              icmp
DROP    net             fw              udp     1026:1029

where the list line was to filter out the most frequent messages, but
I am not really sure what, if any, rejected connections/packets I
should be looking out for, and what should just be ignored...

Perhaps I should redirect the firewall logs to a separate file? Or
just stick my head in the sand and log nothing - which is presumably
the situation with my dsl router..

Here is an example of the last dozen or so messages in the log:
 DF PROTO=TCP SPT=1739 DPT=2933 WINDOW=65535 RES=0x00 SYN URGP=0 
Shorewall:net2all:DROP:IN=eth0 OUT= 
MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=125.45.93.1 DST=81.105.30.126 
LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=44567 DF PROTO=TCP SPT=12200 DPT=1080 
WINDOW=8192 RES=0x00 SYN URGP=0 
Shorewall:net2all:DROP:IN=eth0 OUT= 
MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=71.156.118.7 
DST=81.105.30.126 LEN=48 TOS=0x00 PREC=0x20 TTL=116 ID=17119 DF PROTO=TCP 
SPT=3968 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 
Shorewall:net2all:DROP:IN=eth0 OUT= 
MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=71.156.118.7 
DST=81.105.30.126 LEN=48 TOS=0x00 PREC=0x20 TTL=116 ID=18256 DF PROTO=TCP 
SPT=3968 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 
Shorewall:net2all:DROP:IN=eth0 OUT= 
MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=88.109.202.188 
DST=81.105.30.126 LEN=58 TOS=0x00 PREC=0x00 TTL=119 ID=4407 PROTO=UDP SPT=8184 
DPT=2933 LEN=38 
Shorewall:net2all:DROP:IN=eth0 OUT= 
MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=88.109.202.188 
DST=81.105.30.126 LEN=58 TOS=0x00 PREC=0x00 TTL=119 ID=4409 PROTO=UDP SPT=8184 
DPT=2933 LEN=38 
Shorewall:net2all:DROP:IN=eth0 OUT= 
MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=88.109.202.188 
DST=81.105.30.126 LEN=58 TOS=0x00 PREC=0x00 TTL=119 ID=4410 PROTO=UDP SPT=8184 
DPT=2933 LEN=38 

Is this normal? Anyone know where all this rejected traffic represents?

Regards,
DigbyT


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to