I have sent this to the linux-kernel mailing list, and Nathan
Thompson has gratefully run over many possibilities with me. I have
not been able to configure my firewall to not DENY the packets that
are being denied (read the message to understand).

If anybody can help me, I would be eternally grateful. I have at
least 40k of logs each morning to run through, because of what is
happening. What should take me 10 minutes is taking over an hour of
work.

Thanks in advance,

Damian Gerow
Developer, Linux Systems Administrator
Intellitactics, Inc.

------------------------------ begin original e-mail ------------------------------

[ Please note that I am not subscribed to the mailing list - if you
can, please CC a response to: [EMAIL PROTECTED] ]

I am having a minor problem with kernel 2.2.14.

We have a forwarding firewall set up with an external IP address of
207.139.193.46, and an internal IP of 207.176.252.1 on a class C
network. Firewall rules are somewhat strict, but not obsessively so.

The problem lies within logging. I tend to log everything that is
denied or rejected, which has resulted in absurdly large log files in
the past few weeks because of a network mapping package (IP
207.139.193.66) set up by our ISP. It sends out SNMP requests to
each IP on all networks it is connected to, and if these requests
fail, it relies on ICMP. I have allowed all ICMP from this computer
in without a problem, but am having problems with SNMP. For some
reason, all SNMP packets that are sent to 207.176.252.1 are DENYed,
and subsequently logged. Here are all applicable firewalling rules:

ipchains -F input
ipchains -F forward
ipchains -P forward DENY
ipchains -A input -p udp -s 207.139.193.66 -d 207.139.193.46 161 -j ACCEPT
ipchains -A forward -p udp -s 207.139.193.66 -d 207.176.252.0/24 161 -j ACCEPT
ipchains -A input -p udp -s 207.139.193.66 -d 207.176.252.1 161 -j ACCEPT

Here is a section of the packets logged:

Apr 5 15:56:08 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46670 207.176.252.1:161 L=77:57 S=0x00 I=15014 T=62
Apr 5 15:56:19 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46714 207.176.252.1:161 L=77:57 S=0x00 I=15018 T=62
Apr 5 15:56:30 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46766 207.176.252.1:161 L=77:57 S=0x00 I=28079 T=62

[ Taking out the last rule gives no different result ]
The firewall is running on 2.2.14, with the OpenWall v1 patch and a
Linux TCP/IP stack patch (http://www.innu.org/~sean) applied*, as a
SCSI-only system. Modules inserted are: ide-disk, ide-mod, acm, and
3c59x. The two network cards are both 3Com 3C905C cards.
If anyone can help me with this, I would greatly appreciate it. If
more information is needed, I will gladly supply it.

* - He has received a copy of this as well.

------------------------------ end original e-mail ------------------------------

The only person who has offered assistance is the aforementioned
Nathan. He and I could not figure this out. I have yet to receive a
response from Sean at www.innu.org.
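
The following is an added example, not part of the original message or of any tool it mentions: a Python summarizer that collapses repeated packet-log entries like the ones quoted above into one row per flow, so a morning's worth of identical DENY lines reads as a handful of counts. The field layout is inferred from the three sample lines in the message; the two extra sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Field layout inferred from the sample lines quoted in the message (assumption:
# this is not a complete grammar of the kernel's packet-log output).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+kernel:\s+Packet log:\s+"
    r"(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Sample input: the three log lines from the message (rejoined), plus two
# constructed lines (a different destination port and a non-firewall entry).
SAMPLE = """\
Apr 5 15:56:08 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46670 207.176.252.1:161 L=77:57 S=0x00 I=15014 T=62
Apr 5 15:56:19 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46714 207.176.252.1:161 L=77:57 S=0x00 I=15018 T=62
Apr 5 15:56:30 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46766 207.176.252.1:161 L=77:57 S=0x00 I=28079 T=62
Apr 5 15:56:41 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46801 207.176.252.1:162 L=77:57 S=0x00 I=28080 T=62
Apr 5 15:56:42 pwfw syslogd: constructed non-firewall line
"""

def parse_line(line):
    """Return a dict of fields for one packet-log line, or None if it is not one."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines):
    """Group entries by flow; the source port is ephemeral, so it is left out of the key."""
    counts, seen, skipped = Counter(), {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        key = (rec["chain"], rec["action"], rec["proto"], rec["src"], rec["dst"], rec["dport"])
        counts[key] += 1
        # Keep the first timestamp seen for this key and update the last one.
        seen[key] = (seen.get(key, (rec["ts"],))[0], rec["ts"])
    rows = [(key, n, *seen[key]) for key, n in counts.most_common()]
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE.splitlines())
    for key, n, first, last in rows:
        print(f"{n:5d}  {' '.join(map(str, key))}  first={first}  last={last}")
    print(f"{skipped} line(s) did not match the packet-log pattern")
```

Keeping the chain label in the grouping key shows at a glance which chain or label produced each DENY, which is the first thing to compare against the rule set.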