Hello Please cc all replies to me.
After upgrading my little NATting firewall/router from 2.6.7-ck4 to 2.6.10-gentoo-r6 my /var/log/messages is 15MB in size and most of it looks like the text below. All traffic to the Internet seems to cause this. "cat /var/log/messages | uniq | uniqmessages" results in a 3MB file. I use syslog-ng. Iptables setup script further down. Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2 My firewall setup looks like: IPTABLES=/sbin/iptables MODPROBE=/sbin/modprobe DEPMOD=/sbin/depmod EXTIF="ippp2" INTIF="eth0" KAKKOSIF="eth1" $DEPMOD -a $MODPROBE ip_tables #$MODPROBE ip_conntrack #In the kernel $MODPROBE ip_conntrack_ftp $MODPROBE iptable_nat $MODPROBE ip_nat_ftp echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_dynaddr #echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -t nat -F /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT /sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT $IPTABLES -A FORWARD -i $EXTIF -o $KAKKOSIF -m state --state \ ESTABLISHED,RELATED -j ACCEPT # RJ-45 $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \ ESTABLISHED,RELATED -j ACCEPT # BNC segment $IPTABLES -A FORWARD -i $KAKKOSIF -o $EXTIF -j ACCEPT # RJ-45 $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT # BNC segment $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE $IPTABLES -A FORWARD -j LOG exit 0 -Kimmo S. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/