For some time my logs have been filling up with entries for traffic attempts between my internal network and the firewall. I am running a more or less stock Bering 1.0 Stable release with additions to boot from a CD and with samba for use as a small file server.
The log entries are:

Feb 15 06:42:02 markii syslogd 1.3-3#31.slink1: restart.
Feb 15 06:42:11 markii kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.6 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=52710 DF PROTO=UDP SPT=67 DPT=68 LEN=308

Feb 15 06:55:14 markii kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.3 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=32666 DF PROTO=UDP SPT=67 DPT=68 LEN=308

Feb 15 07:13:17 markii kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:a0:c9:86:30:05:00:50:2c:05:65:5a:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=9121 PROTO=UDP SPT=68 DPT=67 LEN=308
Feb 15 07:13:17 markii kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=28908 DF PROTO=UDP SPT=67 DPT=68 LEN=308

ETC... I have posted traffic containing info for two clients but I see this for all local machines.
All the clients are Win boxen. I have configured /etc/dhcpd.conf as follows to allow the use of dhcp and still have the base IP addresses be fixed.


subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option domain-name "private.network";
    option domain-name-servers 192.168.1.254;
    range 192.168.1.10 192.168.1.100;

    host coventry {
        hardware ethernet 00:50:2C:05:65:5A;
        fixed-address 192.168.1.1;
    }

    host xkss {
        hardware ethernet 00:A0:4C:39:0B:CC;
        fixed-address 192.168.1.3;
    }

    host xke {
        hardware ethernet 00:B0:4C:39:0C:9A;
        fixed-address 192.168.1.4;
    }
}

My shorewall rules file looks like:

DROP net fw tcp 67,68
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80
#
#Enable Samba Ports
#
ACCEPT loc fw udp 137,138
ACCEPT loc fw tcp 139


DHCP seems to work OK but do I need to add rules like:
ACCEPT loc fw tcp 67,68
ACCEPT fw loc tcp 67,68

Or should I just:

DROP loc fw tcp 67,68
DROP fw loc tcp 67,68

Thank you,

Kory Krofft
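As an added example that is not part of the original post: a small Python parser for Shorewall log lines of the kind quoted above. It assumes eth1 is the interface in the loc zone (as in the post) and works on constructed sample lines modelled on those entries. For each REJECT it derives the zone pair from the IN=/OUT= interfaces (an empty IN= with OUT=eth1 is traffic the firewall itself generated, IN=eth1 with an empty OUT= is traffic from the LAN to the firewall) together with the protocol and destination port, which is exactly what a rules-file entry has to name. The entries quoted are UDP with ports 67 and 68, so the rule lines it prints name udp.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the Shorewall REJECT entries quoted in the post
SAMPLE_LOG = """\
Feb 15 06:42:11 markii kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.6 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=52710 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Feb 15 07:13:17 markii kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:a0:c9:86:30:05:00:50:2c:05:65:5a:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=9121 PROTO=UDP SPT=68 DPT=67 LEN=308
Feb 15 07:13:17 markii kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=28908 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Feb 15 06:42:02 markii syslogd 1.3-3#31.slink1: restart.
"""

LOC_IFACE = "eth1"  # assumption: eth1 is the interface in the 'loc' zone, as in the post

# chain:action: followed by the netfilter key=value fields
SHOREWALL_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):(?P<fields>.*)$")


def zone_direction(in_if, out_if):
    """Map IN=/OUT= interfaces to Shorewall zone pairs.

    Empty IN= with OUT=eth1 is locally generated traffic (fw -> loc);
    IN=eth1 with empty OUT= is LAN traffic addressed to the firewall (loc -> fw).
    """
    if in_if == "" and out_if == LOC_IFACE:
        return "fw loc"
    if in_if == LOC_IFACE and out_if == "":
        return "loc fw"
    return "other"


def parse_line(line):
    """Return the fields of one Shorewall log line as a dict, or None for
    lines that are not Shorewall entries (e.g. the syslogd restart line)."""
    m = SHOREWALL_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "action": m.group("action")}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec.setdefault(key, val)  # keep the first LEN= (IP length), not the UDP one
        else:
            rec[tok] = True  # bare flags such as DF
    rec["direction"] = zone_direction(rec.get("IN", ""), rec.get("OUT", ""))
    return rec


def is_dhcp(rec):
    """DHCP/BOOTP is UDP between port 67 (server) and port 68 (client)."""
    return rec.get("PROTO") == "UDP" and {rec.get("SPT"), rec.get("DPT")} == {"67", "68"}


def summarize(log_text):
    """Count rejected DHCP packets by (zone pair, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "REJECT" and is_dhcp(rec):
            counts[(rec["direction"], rec["PROTO"].lower(), rec["DPT"])] += 1
    return counts


def suggest_rules(log_text):
    """Turn the observed rejects into rules-file lines that would match them:
    ACTION <source zone> <dest zone> <proto> <dest port>."""
    return sorted(
        f"ACCEPT {direction} {proto} {dport}"
        for (direction, proto, dport) in summarize(log_text)
        if direction != "other"
    )


if __name__ == "__main__":
    for (direction, proto, dport), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d} rejected DHCP packet(s) {direction} {proto}/{dport}")
    print("\n".join(suggest_rules(SAMPLE_LOG)))
```

Feed it `/var/log/messages` (or wherever Bering's syslogd writes) instead of the sample text to see the same breakdown for a real box. Whether the matching lines should be ACCEPT or a silent DROP is a policy choice; the parser only shows which zone pair, protocol and port the entries actually carry.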
leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html