Different INPUT/FORWARD logging
Welcome. I do not know where the problem is with my firewall set-up. I have set:

    iptables -t filter -I FORWARD -j LOG

and because of this, something like this is displayed on my screen:

    BAD_FORWARDIN=eth2 OUT=eth0 SRC=169.254.199.81 DST=148.81.116.98 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=34055 PROTO=UDP SPT=137 DPT=53 LEN=49

This is strange because the eth2 IP is 192.168.2.254, so if the source IP of this packet is 169.254.199.81 this means that someone is having fun. I want to know which machine is sending these packets, so I set:

    iptables -t filter -I INPUT -i eth2 -s 169.254.199.81 -j LOG

but it doesn't help. I see logs from the FORWARD rules but I do not see any from the INPUT rules. This was a shortcut of my firewall rules, but the meaning of this whole problem has been shown to you. Can someone explain this to me?

-- ROBERT MAGIER

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Different INPUT/FORWARD logging
On Wed, 30 May 2001, Robert Magier wrote:

> BAD_FORWARDIN=eth2 OUT=eth0 SRC=169.254.199.81 DST=148.81.116.98 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=34055 PROTO=UDP SPT=137 DPT=53 LEN=49
> (snip...)
> I want to know which machine is sending these packets, so I set
>     iptables -t filter -I INPUT -i eth2 -s 169.254.199.81 -j LOG
> but it doesn't help. I see logs from the FORWARD rules but I do not see any from the INPUT rules.

This is exactly as it is supposed to be. The flow of packets through the chains changed from the old ipchains-based firewalling code of the 2.2.x kernels to the new netfilter code in the 2.4.x kernels. In particular, upon arrival a packet is examined to find out how it is supposed to be routed (and passes through the PREROUTING/POSTROUTING chains); then, if the packet is supposed to be forwarded, it goes through the FORWARD chain, and if it is directed to one of the local IPs it goes through the INPUT chain. This means that the INPUT and FORWARD chains are mutually exclusive in netfilter (which iptables uses). This is the most important difference between netfilter and ipchains, as in the latter all incoming packets went through the input chain regardless of whether they were directed to a local interface or were meant to be forwarded.

The bottom line is: if you are an experienced user of ipchains, be careful not to make wrong assumptions when using iptables...

Bye
Giacomo

_
Giacomo Mulas [EMAIL PROTECTED], [EMAIL PROTECTED]
_
OSSERVATORIO ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 216   Fax : +39 070 71180 222
_
When the storms are raging around you, stay right where you are (Freddy Mercury)
_
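To make the point of the reply concrete, here is a small parser, added for this page and not part of either post, that reads netfilter LOG lines of the kind quoted above, tells from the IN=/OUT= pair which of INPUT, FORWARD or OUTPUT a packet logged from the filter table went through, flags sources that do not belong on the receiving interface (the poster's own reasoning about 169.254.199.81 arriving on eth2), and pulls the sender's MAC out of the MAC= field, which is how you find the machine behind a spoofed or link-local source. The sample log lines, the MAC addresses, the "LL-SRC" prefix, the mangle PREROUTING rule in the comments and the eth2 subnet 192.168.2.0/24 are assumptions made for this example.

```python
"""Parse netfilter LOG lines, tell forwarded from locally delivered packets,
and pull the sender's MAC for sources that do not belong on the interface.

Added example for this thread, not code from the original posts. It assumes
the LOG target's kernel-2.4 field layout (IN= OUT= [MAC=] SRC= DST= ...
PROTO= SPT= DPT=); the sample lines, the "LL-SRC" prefix and the MAC
addresses are constructed for the demo, and the subnet table is a guess
based on the thread's eth2 address 192.168.2.254.
"""
import ipaddress
import re

# Expected source subnet per inside interface (assumption for the demo).
IFACE_SUBNETS = {"eth2": ipaddress.ip_network("192.168.2.0/24")}

# Constructed sample lines. Line 1 is shaped like the thread's: the prefix
# "BAD_FORWARD" had no trailing space, so it runs into "IN=". Line 2 is the
# same packet as logged by a (hypothetical) rule such as
#   iptables -I FORWARD -i eth2 -s 169.254.199.81 -j LOG --log-prefix "LL-SRC "
# with the MAC= field LOG prints for packets received on an Ethernet
# interface: destination MAC, source MAC, then the ethertype. Lines 3 and 4
# are legitimate traffic from a host on the eth2 subnet, one forwarded and
# one (a NetBIOS broadcast) delivered locally.
SAMPLE_LOG = """\
BAD_FORWARDIN=eth2 OUT=eth0 SRC=169.254.199.81 DST=148.81.116.98 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=34055 PROTO=UDP SPT=137 DPT=53 LEN=49
LL-SRC IN=eth2 OUT=eth0 MAC=00:50:56:c0:00:08:00:0c:29:3a:1b:2c:08:00 SRC=169.254.199.81 DST=148.81.116.98 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=34056 PROTO=UDP SPT=137 DPT=53 LEN=49
OK IN=eth2 OUT=eth0 MAC=00:50:56:c0:00:08:00:0c:29:aa:bb:cc:08:00 SRC=192.168.2.17 DST=148.81.116.98 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 PROTO=TCP SPT=1025 DPT=80
OK IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:aa:bb:cc:08:00 SRC=192.168.2.17 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Split a LOG line into {'prefix': str, 'IN': str, 'OUT': str, ...}.

    The prefix is everything before the first "IN=" (the LOG target prints
    --log-prefix verbatim, so a prefix without a trailing space is glued to
    "IN="). For keys that repeat (LEN= appears for the IP header and again
    for the UDP header) the first value is kept.
    """
    head, sep, rest = line.partition("IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line: %r" % line)
    rec = {"prefix": head.strip()}
    for key, value in FIELD_RE.findall("IN=" + rest):
        rec.setdefault(key, value)
    return rec


def packet_path(rec):
    """Which filter chain a packet logged from the filter table went through.

    netfilter routes first and then sends the packet through exactly one of
    INPUT (local delivery: IN set, OUT empty), FORWARD (IN and OUT set) or
    OUTPUT (locally generated: IN empty, OUT set). Only meaningful for lines
    logged from those chains: a PREROUTING rule always logs OUT= empty
    because the routing decision has not been made yet.
    """
    has_in, has_out = bool(rec.get("IN")), bool(rec.get("OUT"))
    if has_in and has_out:
        return "FORWARD"
    if has_in:
        return "INPUT"
    if has_out:
        return "OUTPUT"
    return "UNKNOWN"


def source_mac(rec):
    """Sender's MAC from the MAC= field (dst MAC, src MAC, ethertype), or None."""
    octets = rec.get("MAC", "").split(":")
    if len(octets) != 14:  # 6 + 6 + 2 bytes of Ethernet header
        return None
    return ":".join(octets[6:12])


def source_off_subnet(rec, iface_subnets=IFACE_SUBNETS):
    """True if SRC is not a legitimate address for the receiving interface.

    Automates the poster's reasoning: a packet entering eth2 should carry a
    192.168.2.0/24 source, so a link-local (169.254/16) or otherwise foreign
    source is a misconfigured or spoofing host behind that interface.
    """
    subnet = iface_subnets.get(rec.get("IN", ""))
    if subnet is None:
        return False
    src = ipaddress.ip_address(rec["SRC"])
    return src.is_link_local or src not in subnet


def suspects(log_text, iface_subnets=IFACE_SUBNETS):
    """Map each off-subnet source IP to the set of MACs that sent it.

    An empty set means none of the logged lines for that IP carried a MAC=
    field, so the host cannot be identified from the log alone.
    """
    found = {}
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if not source_off_subnet(rec, iface_subnets):
            continue
        macs = found.setdefault(rec["SRC"], set())
        mac = source_mac(rec)
        if mac:
            macs.add(mac)
    return found


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_log_line(line)
        print(rec["prefix"], packet_path(rec), rec["SRC"], "->", rec["DST"],
              "off-subnet" if source_off_subnet(rec) else "ok", source_mac(rec))
    print(suspects(SAMPLE_LOG))
```

Because the routing decision is made before the filter chains run, a rule with a -s match only fires in the chain the packet actually takes, so a logging rule for this packet belongs in FORWARD (where the first log line came from) or, to catch it whichever way it is routed, in the mangle table's PREROUTING chain. Note also that --log-prefix is printed directly in front of "IN=", which is why the quoted line reads BAD_FORWARDIN=eth2: end the prefix with a space.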