Hi, Few days ago i sent an email that i am receiving incorrect ICMP types in my logs.
This is my current setup kernel-2.4.18 with prepatch 2.4.19-7 Netfilter version pulled from CVS on April 19th. I am compiling all the required modules with in the kernel. For logging purpose i am using ULOG target and ulogd daemon. First i thought that i have done something wrong, but when i used only the LOG target i rcvd the correct ICMP type but when ever i used the ULOG target i rcvd the incorrect ICMP types. Now i am sure that its the ULOG target. Problem could be anywhere, Ulog daemon, Syslog emulator ( Ulog daemon library for emulating syslog type logging) or ULOG target itself in the Netfilter. These are my results when ever i am using ULOG target for logging. Apr 22 02:06:51 I/P not on this F/W: IN=eth0 OUT=MAC=00:01:4b:12:27:13:00:50:54:7f:fa:35:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=84 TOS=00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=109 CODE=111 Apr 22 02:06:52 I/P not on this F/W: IN=eth0 OUT= MAC=00:10:4b:12:27:13:00:50:54:7f:fa:35:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=84 TOS=00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=109 CODE=111 This is what i get when i sent echo-request to the the firewall and this is not consistent, when i tried it after some time i rcvd different ICMP type and CODE And these are the results with the LOG target Apr 22 12:15:54 Not allowed thru this fw: IN=eth0 OUT=eth0 SRC=203.199.107.187 DST=xxx.xxx.xxx.xxx LEN=84 TOS=0x00 PREC=0x00 TTL=58 ID=2923 PROTO=ICMP TYPE=8 CODE=0 ID=43521 SEQ=5331 Apr 22 12:15:58 IN=eth0 OUT=eth0 SRC=64.94.69.230 DST=xxx.xxx.xxx.xxx LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1754 SEQ=39607 Can some take a look at this Bug please!!! Thanks a lot Subodh Shrivastava BTW Netfilter is great and simple to use keep up the good work!!! __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/
