Re: logged packets - why?

2000-09-25 Thread Sven Burgener
On Mon, Sep 25, 2000 at 12:57:30PM +0200, Mirek Kwasniak wrote:
> > But, I could be wrong and not know about some switches. Haven't
> > really looked into it, I must admit.

> It shows with --verbose :)
> or in short form: ipchains -vL or -nvL

Learn minimally one new thing on one of the debian-* 
mailing lists daily. :)

Thanks
Sven
-- 
Have you rebooted your NT box today?




Re: logged packets - why?

2000-09-25 Thread Mirek Kwasniak
On Sun, Sep 24, 2000 at 03:18:22PM +0200, Sven Burgener wrote:
> I don't like ipchains --list as it's not as informative as the script 
> itself.  For example, it doesn't show the iface that a particular rule 
> applies to, so I just browse through the script, amend it and then re-
> run it.
> 
> But, I could be wrong and not know about some switches. Haven't
> really looked into it, I must admit.

It shows with --verbose :)
or in short form: ipchains -vL or -nvL

Mirek




Re: logged packets - why?

2000-09-24 Thread Sven Burgener
On Sun, Sep 24, 2000 at 01:04:12PM +1100, John Ferlito wrote:
> try 0.0.0.0/0 instead of 0.0.0.0

Thanks John! That seems to have solved it.

> On Sat, Sep 23, 2000 at 07:57:02PM -0600, Nathan wrote:
> > What is the output of your ipchains list command?  (to list the rules in
> > effect)

I don't like ipchains --list as it's not as informative as the script 
itself.  For example, it doesn't show the iface that a particular rule 
applies to, so I just browse through the script, amend it and then re-
run it.

But, I could be wrong and not know about some switches. Haven't
really looked into it, I must admit.

Thanks
Sven
-- 
Windows does *not* have bugs. It just develops random features.




Re: logged packets - why?

2000-09-23 Thread Michael W. Shaffer
> What do I need to change for them to be able to *enter*?
> 
> Sven

Bootp and dhcp only use udp and always send their first request to the 'all
ones' broadcast address, AFAIK. I don't think you need the tcp rule at all.
This is the 'eth0-in' ruleset that I use to accept anything from an internal
private subnet including bootp/dhcp:


ipchains -N eth0-in
ipchains -A eth0-in -i ! eth0 -j DENY -l
ipchains -A eth0-in -s 192.168.0.0/24 -j ACCEPT
ipchains -A eth0-in -p udp -s 0.0.0.0 bootpc -d 255.255.255.255 \
  bootps -j ACCEPT
ipchains -A eth0-in -j DENY -l


It's more than you were asking, but the fourth rule shown here is the only dhcp
related rule that I have found to work properly.








Re: logged packets - why?

2000-09-23 Thread John Ferlito
try 0.0.0.0/0 instead of 0.0.0.0

On Sat, Sep 23, 2000 at 07:57:02PM -0600, Nathan wrote:
> What is the output of your ipchains list command?  (to list the rules in
> effect)
> 
> -Nathan
> 
> On Sun, 24 Sep 2000, Sven Burgener wrote:
> 
> > Hi boys'n girls
> > 
> > I have these entries in my logs:
> > 
> > Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
> > 62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59001 F=0x4000 T=250 (#32)
> > Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
> > 62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59002 F=0x4000 T=250 (#32)
> > 
> > I cannot understand why they get logged. The responsible ipchains
> > commands are:
> > 
> > ${ipchains} -I input -p tcp -s 0.0.0.0 bootps --dport bootpc \
> > -i eth0 -j ACCEPT ! -y
> > ${ipchains} -I input -p udp -s 0.0.0.0 bootps --dport bootpc \
> > -i eth0 -j ACCEPT
> > 
> > What do I need to change for them to be able to *enter*?
> > 
> > Sven
> > 
> 

-- 
John
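Worked illustration of John's fix (added here as an editor's example; it is not code from the thread and not the ipchains tool itself). The script parses kernel "Packet log:" lines of the shape Sven quoted and evaluates a simplified model of his input chain against them. ipchains treats a bare address such as `-s 0.0.0.0` as the single host 0.0.0.0/32, so the DHCP reply from the server never matches and falls through to the logging DENY; `-s 0.0.0.0/0` matches any source and the udp rule ACCEPTs. The sample log lines are constructed (the thread's masked "XX" octets replaced with made-up addresses), and the three-rule chain is a compressed model of Sven's script, so the rule numbers differ from the "(#32)" in his real log.

```python
import ipaddress
import re

# Constructed sample: kernel lines in the shape Sven quoted, with the
# thread's masked "XX" octets replaced by made-up addresses.
SAMPLE_LOG = [
    "Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 "
    "62.2.10.1:67 62.2.10.20:68 L=328 S=0x00 I=59001 F=0x4000 T=250 (#32)",
    "Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 "
    "62.2.10.1:67 62.2.10.20:68 L=328 S=0x00 I=59002 F=0x4000 T=250 (#32)",
]

# chain target iface PROTO=n src:sport dst:dport L=len ... (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) .*\(#(?P<rule>\d+)\)"
)

PROTO_NUM = {"tcp": 6, "udp": 17}
PORT = {"bootps": 67, "bootpc": 68}   # the service names used in the thread


def parse_packet_log(line):
    """Split one ipchains 'Packet log:' kernel line into its fields, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "rule"):
        d[key] = int(d[key])
    return d


def rule_matches(rule, pkt):
    """Evaluate one simplified ipchains rule (dict) against a parsed packet.

    Only the selectors used in the thread are modelled: -i, -p, -s with a
    source port, and --dport.  An address without a mask is a single host
    (/32), which is exactly what ipaddress.ip_network('0.0.0.0') yields.
    """
    if rule.get("iface") and rule["iface"] != pkt["iface"]:
        return False
    if rule.get("proto") and PROTO_NUM[rule["proto"]] != pkt["proto"]:
        return False
    src_net = ipaddress.ip_network(rule["src"], strict=False)
    if ipaddress.ip_address(pkt["src"]) not in src_net:
        return False
    if rule.get("sport") and PORT[rule["sport"]] != pkt["sport"]:
        return False
    if rule.get("dport") and PORT[rule["dport"]] != pkt["dport"]:
        return False
    return True


def verdict(chain, pkt):
    """Return (target, 1-based index) of the first matching rule in the chain."""
    for n, rule in enumerate(chain, 1):
        if rule_matches(rule, pkt):
            return rule["target"], n
    return "DENY", None   # assumed default policy when nothing matches


def input_chain(src_spec):
    """Sven's two bootp rules with the given -s argument, then a logging DENY."""
    return [
        {"proto": "tcp", "src": src_spec, "sport": "bootps", "dport": "bootpc",
         "iface": "eth0", "target": "ACCEPT"},
        {"proto": "udp", "src": src_spec, "sport": "bootps", "dport": "bootpc",
         "iface": "eth0", "target": "ACCEPT"},
        {"src": "0.0.0.0/0", "target": "DENY"},   # catch-all, i.e. the -l rule
    ]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        pkt = parse_packet_log(line)
        for spec in ("0.0.0.0", "0.0.0.0/0"):
            print(spec, "->", verdict(input_chain(spec), pkt))
```

Running it prints DENY (rule 3) for `0.0.0.0` and ACCEPT (rule 2) for `0.0.0.0/0` on both lines, which is the behaviour Sven observed and the effect of John's change. Note what the corrected rule actually permits: UDP from any source address, selected only by source port 67 and destination port 68 on eth0. Source ports are trivially chosen by the sender, so this kind of rule should stay as narrow as the deployment allows (for example restricted to the DHCP server's address once it is known) rather than being treated as a strong filter.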




Re: logged packets - why?

2000-09-23 Thread Nathan
What is the output of your ipchains list command?  (to list the rules in
effect)

-Nathan

On Sun, 24 Sep 2000, Sven Burgener wrote:

> Hi boys'n girls
> 
> I have these entries in my logs:
> 
> Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
>   62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59001 F=0x4000 T=250 (#32)
> Sep 23 22:07:27 host kernel: Packet log: input DENY eth0 PROTO=17 \
>   62.2.XX.XX:67 62.2.XX.XX:68 L=328 S=0x00 I=59002 F=0x4000 T=250 (#32)
> 
> I cannot understand why they get logged. The responsible ipchains
> commands are:
> 
> ${ipchains} -I input -p tcp -s 0.0.0.0 bootps --dport bootpc \
>   -i eth0 -j ACCEPT ! -y
> ${ipchains} -I input -p udp -s 0.0.0.0 bootps --dport bootpc \
>   -i eth0 -j ACCEPT
> 
> What do I need to change for them to be able to *enter*?
> 
> Sven
> 



