Re: logged packets - why?
On Mon, Sep 25, 2000 at 12:57:30PM +0200, Mirek Kwasniak wrote:
> > But, I could be wrong and not know about some switches. Haven't
> > really looked into it, I must admit.
>
> It shows with --verbose :)
> or in short form: ipchains -vL or -nvL

Learn minimally one new thing on one of the debian-* mailing lists
daily. :)

Thanks
Sven

--
Have you rebooted your NT box today?
Re: logged packets - why?
On Sun, Sep 24, 2000 at 03:18:22PM +0200, Sven Burgener wrote:
> I don't like ipchains --list as it's not as informative as the script
> itself. For example, it doesn't show the iface that a particular rule
> applies to, so I just browse through the script, amend it and then
> re-run it.
>
> But, I could be wrong and not know about some switches. Haven't
> really looked into it, I must admit.

It shows with --verbose :)
or in short form: ipchains -vL or -nvL

Mirek
Re: logged packets - why?
On Sun, Sep 24, 2000 at 01:04:12PM +1100, John Ferlito wrote:
> try 0.0.0.0/0 instead of 0.0.0.0

Thanks John! That seems to have solved it.

> On Sat, Sep 23, 2000 at 07:57:02PM -0600, Nathan wrote:
> > What is the output of your ipchains list command? (to list the rules in
> > effect)

I don't like ipchains --list as it's not as informative as the script
itself. For example, it doesn't show the iface that a particular rule
applies to, so I just browse through the script, amend it and then
re-run it.

But, I could be wrong and not know about some switches. Haven't
really looked into it, I must admit.

Thanks
Sven

--
Windows does *not* have bugs. It just develops random features.
Re: logged packets - why?
> What do I need to change for them to be able to *enter*?
>
> Sven

Bootp and dhcp only use udp and always send their first request to the
'all ones' broadcast address, AFAIK. I don't think you need the tcp
rule at all.

This is the 'eth0-in' ruleset that I use to accept anything from an
internal private subnet including bootp/dhcp:

    ipchains -N eth0-in
    ipchains -A eth0-in -i ! eth0 -j DENY -l
    ipchains -A eth0-in -s 192.168.0.0/24 -j ACCEPT
    ipchains -A eth0-in -p udp -s 0.0.0.0 bootpc -d 255.255.255.255 \
        bootps -j ACCEPT
    ipchains -A eth0-in -j DENY -l

It's more than you were asking, but the fourth rule shown here is the
only dhcp related rule that I have found to work properly.
Re: logged packets - why?
try 0.0.0.0/0 instead of 0.0.0.0

On Sat, Sep 23, 2000 at 07:57:02PM -0600, Nathan wrote:
> What is the output of your ipchains list command? (to list the rules in
> effect)
>
> -Nathan
>
> On Sun, 24 Sep 2000, Sven Burgener wrote:
>
> > Hi boys'n girls
> >
> > I have these entries in my logs:
> >
> > Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
> > 62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59001 F=0x4000 T=250 (#32)
> > Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
> > 62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59002 F=0x4000 T=250 (#32)
> >
> > I cannot understand why they get logged. The responsible ipchains
> > commands are:
> >
> > ${ipchains} -I input -p tcp -s 0.0.0.0 bootps --dport bootpc \
> > -i eth0 -j ACCEPT ! -y
> > ${ipchains} -I input -p udp -s 0.0.0.0 bootps --dport bootpc \
> > -i eth0 -j ACCEPT
> >
> > What do I need to change for them to be able to *enter*?
> >
> > Sven

--
John
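Why the fix above works, as an added example that is not part of the original thread: an ipchains address given without a mask is a single host (/32), so `-s 0.0.0.0` never matches the DHCP server's real source address, while `0.0.0.0/0` matches any source. The log line is constructed in the thread's format with documentation-range addresses, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed log line in the "Packet log" format quoted in the thread;
# the addresses are documentation-range placeholders, not the poster's.
SAMPLE_LOG = (
    "Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.0.2.1:67 192.0.2.77:68 L=328 S=0x00 I=59001 F=0x4000 T=250 (#32)")

# The trailing (#N) is the number of the rule that logged the packet.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)")

SERVICES = {"bootps": 67, "bootpc": 68}
PROTOS = {"tcp": 6, "udp": 17}


def parse_log(line):
    """Split one ipchains packet-log line into typed fields."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an ipchains packet log line")
    pkt = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        pkt[key] = int(pkt[key])
    return pkt


def source_net(spec):
    """An address with no /mask means exactly one host (/32)."""
    return ipaddress.ip_network(spec if "/" in spec else spec + "/32")


def rule_matches(pkt, proto, src, sport, dport, iface):
    """Evaluate the match part of '-p PROTO -s SRC SPORT --dport DPORT -i IFACE'."""
    return (pkt["proto"] == PROTOS[proto]
            and pkt["iface"] == iface
            and ipaddress.ip_address(pkt["src"]) in source_net(src)
            and pkt["sport"] == SERVICES[sport]
            and pkt["dport"] == SERVICES[dport])


def explain(line):
    """Compare the original ACCEPT rule with the corrected one for a logged packet."""
    pkt = parse_log(line)
    args = ("bootps", "bootpc", "eth0")
    return {"host_only": rule_matches(pkt, "udp", "0.0.0.0", *args),
            "any_source": rule_matches(pkt, "udp", "0.0.0.0/0", *args),
            "logged_by_rule": pkt["rule"]}
```

Calling `explain(SAMPLE_LOG)` shows the original ACCEPT rule missing the packet, so it falls through to the logging DENY rule, while the `/0` form matches it.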
Re: logged packets - why?
What is the output of your ipchains list command? (to list the rules in
effect)

-Nathan

On Sun, 24 Sep 2000, Sven Burgener wrote:

> Hi boys'n girls
>
> I have these entries in my logs:
>
> Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
> 62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59001 F=0x4000 T=250 (#32)
> Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
> 62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59002 F=0x4000 T=250 (#32)
>
> I cannot understand why they get logged. The responsible ipchains
> commands are:
>
> ${ipchains} -I input -p tcp -s 0.0.0.0 bootps --dport bootpc \
> -i eth0 -j ACCEPT ! -y
> ${ipchains} -I input -p udp -s 0.0.0.0 bootps --dport bootpc \
> -i eth0 -j ACCEPT
>
> What do I need to change for them to be able to *enter*?
>
> Sven