On Sat, May 10, 2008 at 08:02:09PM -0500, Dennis Wicks wrote:
> I have just noticed that syslog on my firewall contains
> hundreds if not thousands of messages like this.
>
> Do they indicate an error of some kind?
>
> If not, how do I turn them off?
>
> kernel: BANDWIDTH_IN:IN=eth1 OUT=
> MAC=00:10:b5:bf:2f:3c:00:0c:f1:a2:cf:0e:08:00
> SRC=192.168.1.1 DST=192.168.10.1 LEN=61 TOS=0x00
> PREC=0x00 TTL=64 ID=48305 DF PROTO=UDP SPT=43182 DPT=53
> LEN=41

Let's break this down. Your firewall (whatever software you use only configures the kernel iptables which then does the logging) is logging these because there's a rule to log packets like this.

This packet came from 192.168.1.1 and went to 192.168.10.1. This suggests that this is to and from one of your own boxes since 192.168 is a local IP set. The protocol is UDP and the destination port is 53. /etc/services shows that UDP/53 is a DNS server.

Do you have a DNS server running on box 192.168.10.1? Do you have 192.168.1.1 configured to send DNS requests to 192.168.10.1?

If the network is working, it suggests that you have your firewall configured to pass these packets but to log them. Given that anything you do that uses a hostname or domain name will generate a DNS request, I can imagine that your logs would fill up with this.

If this seems like the correct scenario, you only have to fix your firewall's rules.

Doug.
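The field-by-field reading above can be automated to see which LOG rule is filling syslog. This is an added example, not part of the original message: it parses lines in the quoted format and counts them by log prefix (the rule's `--log-prefix` string, the text before `IN=`), protocol and destination port. The sample log and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the first entry is the line quoted in the thread; the
# timestamps, the host name "fw", the other entries and the "SSH_IN:" prefix
# are made up for illustration.
_MAC = "MAC=00:10:b5:bf:2f:3c:00:0c:f1:a2:cf:0e:08:00"
SAMPLE = f"""\
May 10 19:58:01 fw kernel: BANDWIDTH_IN:IN=eth1 OUT= {_MAC} SRC=192.168.1.1 DST=192.168.10.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=48305 DF PROTO=UDP SPT=43182 DPT=53 LEN=41
May 10 19:58:02 fw kernel: BANDWIDTH_IN:IN=eth1 OUT= {_MAC} SRC=192.168.1.1 DST=192.168.10.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=48306 DF PROTO=UDP SPT=43183 DPT=53 LEN=41
May 10 19:58:03 fw kernel: BANDWIDTH_IN:IN=eth1 OUT= {_MAC} SRC=192.168.1.1 DST=192.168.10.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=48307 DF PROTO=UDP SPT=43184 DPT=53 LEN=52
May 10 19:58:04 fw kernel: SSH_IN:IN=eth1 OUT= {_MAC} SRC=192.168.1.1 DST=192.168.10.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1201 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# The log prefix is whatever precedes the fixed "IN=<iface> OUT=" start of the record.
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)(?=IN=\S* OUT=)(?P<fields>.*)$")

def parse_line(line):
    """Return a dict of KEY=value fields plus 'prefix' and 'flags', or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix").strip(), "flags": []}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            # LEN appears twice for UDP: keep the first (IP length), not the UDP length.
            rec.setdefault(key, value)
        else:
            rec["flags"].append(key)  # bare tokens such as DF or SYN
    return rec

def noisy_rules(text, top=5):
    """Count parsed lines by (log prefix, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and "PROTO" in rec:
            counts[(rec["prefix"], rec["PROTO"], rec.get("DPT", "-"))] += 1
    return counts.most_common(top)

def is_internal(rec):
    """True when both endpoints are private (e.g. RFC 1918) addresses."""
    return all(ipaddress.ip_address(rec[k]).is_private for k in ("SRC", "DST"))
```
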