My log file from Dachstein is getting packed with messages like this:

Feb 4 17:29:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4813 10.0.0.14:161 L=84 S=0x00 I=58236 F=0x0000 T=128 (#39)
Feb 4 17:29:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4814 10.0.0.14:161 L=84 S=0x00 I=58492 F=0x0000 T=128 (#39)
Feb 4 17:30:11 Nimrod kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.1:520 192.168.1.255:520 L=72 S=0x00 I=14429 F=0x0000 T=48 (#38)
Feb 4 17:30:37 Nimrod kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.1:520 192.168.1.255:520 L=72 S=0x00 I=14438 F=0x0000 T=48 (#38)
Feb 4 17:30:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4816 10.0.0.14:161 L=84 S=0x00 I=60028 F=0x0000 T=128 (#39)
Feb 4 17:30:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4817 10.0.0.14:161 L=84 S=0x00 I=60284 F=0x0000 T=128 (#39)
Feb 4 17:30:53 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4817 10.0.0.14:161 L=89 S=0x00 I=60540 F=0x0000 T=128 (#39)

The input rules 38 and 39 are:

259 18648 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
2163 185K REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 161:162

I've searched the archives and know enough to tell that it's traffic from an internal machine (10.10.10.2) to eth1 on the firewall, and from our ISP's router (192.168.1.1) to eth0 on the firewall, but what else does it all mean and is it important? If it isn't important, how do I turn off logging for these rules?

This is a brand new installation of Dachstein running for about an hour. Need to know anything else, just ask.



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
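
Added example, not part of the original post: a small Python parser for the ipchains "Packet log" lines quoted above, grouping hits by rule number and flow so the sources filling the log stand out. The field meanings in the comments follow the ipchains log format; the function names are choices made for this example, and the sample is four of the lines copied from the post.

```python
import re
from collections import Counter

# Sample input: four of the log lines quoted in the post above.
SAMPLE = """\
Feb 4 17:29:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4813 10.0.0.14:161 L=84 S=0x00 I=58236 F=0x0000 T=128 (#39)
Feb 4 17:29:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4814 10.0.0.14:161 L=84 S=0x00 I=58492 F=0x0000 T=128 (#39)
Feb 4 17:30:11 Nimrod kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.1:520 192.168.1.255:520 L=72 S=0x00 I=14429 F=0x0000 T=48 (#38)
Feb 4 17:30:53 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 10.10.10.2:4817 10.0.0.14:161 L=89 S=0x00 I=60540 F=0x0000 T=128 (#39)
"""

# Layout: chain, verdict, interface, IP protocol number, src:port, dst:port,
# L=total length, S=type of service, I=IP id, F=fragment offset and flags,
# T=TTL, (#N)=number of the rule in that chain that matched.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

def parse_line(line):
    """Return a dict of fields for one packet-log line, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(text):
    """Count hits per (rule, verdict, iface, proto, src, dst, dst port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:  # skip syslog lines that are not packet-log entries
            counts[(rec["rule"], rec["verdict"], rec["iface"], rec["proto_name"],
                    rec["src"], rec["dst"], rec["dport"])] += 1
    return counts

if __name__ == "__main__":
    for key, hits in summarize(SAMPLE).most_common():
        print(hits, key)
```

Source ports are left out of the grouping key because they change on every packet; grouping on destination port keeps repeated traffic to one service in a single row.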