On Tuesday 04 February 2003 06:15 pm, Chris Low wrote:
> My log file from Dachstein is getting packed with messages like this:
>
> Feb 4 17:29:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17
> 10.10.10.2:4813 10.0.0.14:161 L=84 S=0x00 I=58236 F=0x0000 T=128 (#39)

This is a machine broadcasting/requesting SNMP service. Is one of
your boxes managing the outside router or being polled for SNMP info?


> Feb 4 17:30:11 Nimrod kernel: Packet log: input DENY eth0 PROTO=17
> 192.168.1.1:520 192.168.1.255:520 L=72 S=0x00 I=14429 F=0x0000 T=48 (#38)
> Feb 4 17:30:37 Nimrod kernel: Packet log: input DENY eth0 PROTO=17

This is the RIP routing protocol. Either someone is spewing wireless packets
out their external interface (as M$ "firewalls" do) or the outside router from
your ISP is spewing out the requests on its "internal" interface. I'd ask
your ISP about this one.


> I've searched the archives and know enough to tell that it's traffic from
> an internal machine (10.10.10.2) to eth1 on the firewall, and from our
> ISP's router (192.168.1.1) to eth0 on the firewall, but what else does it
> all mean and is it important? If it isn't important how do I turn off
> logging for these rules?

RIP is harmless to you since it's blocked and the concern with SNMP on
your internal machine lies in why it's running SNMP (and to where???).
To stop logging these packets, find (all) the applicable places where these
are DENY'ed and get rid of the "-l" (for logging) in the rule(s).
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
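
Added example, not part of the original message or of LEAF/Dachstein: a small Python parser for the ipchains "Packet log" entries quoted in the thread. It groups hits by the trailing `(#N)` rule number so the rules carrying `-l` can be identified before logging is removed. The `SERVICES` table, function names and the third sample line are constructed for illustration.

```python
import re
from collections import Counter

# Layout of an ipchains "-l" log entry (Linux 2.2 kernels); the trailing
# (#N) is the number of the rule in the chain that matched the packet.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)

# Only the two services discussed in the thread (assumed mapping; extend as needed).
SERVICES = {(17, 161): "SNMP", (17, 520): "RIP"}

# Entries 1, 2 and 4 are quoted from the thread (1 and 2 unwrapped onto one
# line each, 4 is truncated in the original); entry 3 is a constructed repeat.
SAMPLE = [
    "Feb 4 17:29:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 "
    "10.10.10.2:4813 10.0.0.14:161 L=84 S=0x00 I=58236 F=0x0000 T=128 (#39)",
    "Feb 4 17:30:11 Nimrod kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.168.1.1:520 192.168.1.255:520 L=72 S=0x00 I=14429 F=0x0000 T=48 (#38)",
    "Feb 4 17:30:41 Nimrod kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.168.1.1:520 192.168.1.255:520 L=72 S=0x00 I=14430 F=0x0000 T=48 (#38)",
    "Feb 4 17:30:37 Nimrod kernel: Packet log: input DENY eth0 PROTO=17",
]

def parse(line):
    """Return a dict of fields, or None if the line is not a complete entry."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    rec["service"] = SERVICES.get((rec["proto"], rec["dport"]), "other")
    return rec

def noisy_rules(lines):
    """Count hits per (chain, rule number, action, interface, service)."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        hits[(rec["chain"], rec["rule"], rec["action"],
              rec["iface"], rec["service"])] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (chain, rule, action, iface, svc), n in noisy_rules(SAMPLE):
        print(f"{chain} rule #{rule} ({action} on {iface}, {svc}): {n} hit(s)")
```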
