Re: Re: How to get rid of this firewall error. [Solved]

2010-07-30 Thread Ramasubramanian Ramesh
Thanks for everyone's help. I resolved all issues with errors from my 
firewall. Here is a summary:


1) My DSL modem/router periodically pings my machine. If I accept then 
it queries more about www server, samba server etc. I do not like these 
requests as I do not know what the modem does with that info. The 
modem/router is given to me by Verizon DSL service. So, I shut off any 
incoming packet from that interface that is not already established by 
an in-to-out connection. I was doing this before too, but I was logging 
such messages. Now I dropped logging it, if it is from my DSL router.


2) I have virtual machines connected with br0 to internal net, and I did 
not do the iptables from br0 to internal net properly and that caused 
nmbd queries from br0 (i.e. from VMs) to rest of the internal net to be 
dropped and logged. I updated a few rules and the log messages went away.


3) Now my syslog only contains useful messages.

Ramesh


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4c531b34.6080...@ti.com



Re: How to get rid of this firewall error.

2010-07-30 Thread Steven

On Fri, July 30, 2010 07:35, R. Ramesh wrote:
> My bad, I googled icmp_type 8. It seems harmless and required to be
> implemented. So I am going to accept.
> After filtering out this one, I notice another one coming from my own
> firewall and need to figure out who is sending it.
>
> [2731831.967429] IN=eth1 OUT= MAC= SRC=192.168.1.47 DST=192.168.1.255
> LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138
> LEN=213
>
> I think this is from my nmbd on the outgoing port. I am going to
> investigate interfaces option in smb.conf. Please tell me if I am on the
> wrong path.
>
Seems more like an incoming packet (the OUT interface is blank), probably
a smb server or windows machine sending its broadcast message (notice the
.255 in the destination IP)

Regards,
Steven

-- 
Rarely do people communicate; they just take turns talking.


Archive: http://lists.debian.org/42335.91.183.48.98.1280473329.squir...@stevenleeuw.kwik.to
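
Added example (not code from any poster in this thread): a Python parser that reads the two kernel LOG lines quoted in the thread the way the replies do, using IN=/OUT= for direction, the destination address for broadcast, and TYPE=/DPT= for what the packet is. The /24 netmask and the small name tables are assumptions; 192.168.1.47 as the firewall's address comes from the thread.

```python
import ipaddress
import re

# The two kernel LOG lines quoted in this thread, with mail line wraps joined.
SAMPLE_LINES = [
    "[2709614.616138] IN=eth1 OUT= MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 "
    "SRC=192.168.1.1 DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=60352 SEQ=0",
    "[2731831.967429] IN=eth1 OUT= MAC= SRC=192.168.1.47 DST=192.168.1.255 "
    "LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213",
]
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request"}
UDP_PORTS = {137: "netbios-ns", 138: "netbios-dgm"}


def parse_log_line(line):
    """Split a netfilter LOG line into KEY=value fields. The first occurrence
    wins, because ID= and LEN= repeat (IP header first, then ICMP/UDP)."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields


def classify(line, local_net="192.168.1.0/24", local_addr="192.168.1.47"):
    """Summarise one LOG line; local_net (a /24) is an assumption."""
    f = parse_log_line(line)
    # IN only: logged on the receive path. OUT only: sent by this host. Both: routed.
    direction = {(True, False): "inbound", (False, True): "outbound",
                 (True, True): "forwarded"}.get((bool(f.get("IN")), bool(f.get("OUT"))), "unknown")
    dst = ipaddress.ip_address(f["DST"])
    if f["PROTO"] == "ICMP":
        what = ICMP_TYPES.get(int(f["TYPE"]), "icmp-type-" + f["TYPE"])
    elif f["PROTO"] == "UDP" and f.get("DPT", "").isdigit():
        what = "udp/" + UDP_PORTS.get(int(f["DPT"]), f["DPT"])
    else:
        what = f["PROTO"].lower()
    return {
        "direction": direction,
        "src": f["SRC"],
        "broadcast": dst == ipaddress.ip_network(local_net).broadcast_address,
        "from_own_address": f["SRC"] == local_addr,
        "what": what,
    }


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample))
```
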



Re: How to get rid of this firewall error.

2010-07-29 Thread R. Ramesh

Ramasubramanian Ramesh wrote:


top posting - iihh ugly ;-p

  well, it's the netfilter code from the kernel instructed by an 
iptables rule, that spits out that message.

most likely this is a message informing you about a blocked packet.
  the question is: who/what set this iptables rule to tell the kernel 
to discard such packets?

my crystal ball is currently somehow foggy, so I can't tell.
maybe you know what firewall frontend you are using?

what to do?
  well - to prohibit logging of those packets in the short term a 
rule like this may do the job:

iptables -I INPUT -i eth1 -s 192.168.1.1 -p icmp --icmp-type 8 -j DROP

for the long term:
learn how to configure your firewall frontend or iptables.

but it's your modem/router right?
  so it might just check if you are online. so it could be a 'good 
packet', which you might want to accept. - same thing as above just 
with the ACCEPT target.

best regards

Mart

  
My mail tool sometimes refuses to bottom post, especially, when I 
reply to myself. I have to jump through hoops and sometimes it is 
easier to submit to its demands :-)


Agreed. I set up the tables to drop and log messages whenever an 
unsolicited message comes from outside. But, I did not think
I set up the router to send periodic pings. I guess the Verizon router 
(yes, it is mine because Verizon gave it to me free) does that because 
it is Windows centric and it likes to be user friendly by inquiring 
"are you there? I greet you, etc."


It may be a good packet or it may be a bad packet. I still do not want 
to look at unsolicited packets. I am worried that someone from 
outside can spoof as my router. I will just drop this specific packet 
without logging it.


Specifically, what does icmp_type = 8 mean?

Ramesh





My bad, I googled icmp_type 8. It seems harmless and required to be 
implemented. So I am going to accept.
After filtering out this one, I notice another one coming from my own 
firewall and need to figure out who is sending it.


[2731831.967429] IN=eth1 OUT= MAC= SRC=192.168.1.47 DST=192.168.1.255 
LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=213


I think this is from my nmbd on the outgoing port. I am going to 
investigate interfaces option in smb.conf. Please tell me if I am on the 
wrong path.


Ramesh


Archive: http://lists.debian.org/4c526491.20...@verizon.net



Re: Re: How to get rid of this firewall error.

2010-07-29 Thread Ramasubramanian Ramesh


top posting - iihh ugly ;-p

  
well, it's the netfilter code from the kernel instructed by an 
iptables rule, that spits out that message.

most likely this is a message informing you about a blocked packet.
  
the question is: who/what set this iptables rule to tell the kernel to 
discard such packets?

my crystal ball is currently somehow foggy, so I can't tell.
maybe you know what firewall frontend you are using?

what to do?
  
well - to prohibit logging of those packets in the short term a rule 
like this may do the job:

iptables -I INPUT -i eth1 -s 192.168.1.1 -p icmp --icmp-type 8 -j DROP

for the long term:
learn how to configure your firewall frontend or iptables.

but it's your modem/router right?
  
so it might just check if you are online. so it could be a 'good packet', 
which you might want to accept. - same thing as above just with the 
ACCEPT target.

best regards

Mart

  
My mail tool sometimes refuses to bottom post, especially, when I reply 
to myself. I have to jump through hoops and sometimes it is easier to 
submit to its demands :-)


Agreed. I set up the tables to drop and log messages whenever an 
unsolicited message comes from outside. But, I did not think
I set up the router to send periodic pings. I guess the Verizon router 
(yes, it is mine because Verizon gave it to me free) does that because 
it is Windows centric and it likes to be user friendly by inquiring "are 
you there? I greet you, etc."


It may be a good packet or it may be a bad packet. I still do not want 
to look at unsolicited packets. I am worried that someone from outside 
can spoof as my router. I will just drop this specific packet without 
logging it.


Specifically, what does icmp_type = 8 mean?

Ramesh





Archive: http://lists.debian.org/4c525c93.4010...@ti.com



Re: How to get rid of this firewall error.

2010-07-29 Thread Mart Frauenlob

On 30.07.2010 02:49, Ramasubramanian Ramesh wrote:

It would have helped if I actually included the message :-) Here it is:

[2709614.616138] IN=eth1 OUT=
MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.1
DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 PROTO=ICMP
TYPE=8 CODE=0 ID=60352 SEQ=0

192.168.1.47 is my firewall connected to the DSL modem/router (which I
think must be 192.168.1.1)

Ramesh


Ramasubramanian Ramesh wrote:

Hi:

My syslog and console window is repeatedly printing the following
message from my firewall setup. I cannot figure out which program or
service is printing this message. My first preference is to modify the
source behavior. The second choice is to stop printing the message.
I guess I could edit the firewall script. But, I like to get some
expert feedback before I proceed this way.

Thanks
Ramesh




top posting - iihh ugly ;-p

well, it's the netfilter code from the kernel instructed by an iptables 
rule, that spits out that message.

most likely this is a message informing you about a blocked packet.
the question is: who/what set this iptables rule to tell the kernel to 
discard such packets?


my crystal ball is currently somehow foggy, so I can't tell.
maybe you know what firewall frontend you are using?

what to do?
well - to prohibit logging of those packets in the short term a rule 
like this may do the job:

iptables -I INPUT -i eth1 -s 192.168.1.1 -p icmp --icmp-type 8 -j DROP

for the long term:
learn how to configure your firewall frontend or iptables.

but it's your modem/router right?
so it might just check if you are online. so it could be a 'good packet', 
which you might want to accept. - same thing as above just with the 
ACCEPT target.



best regards

Mart


Archive: http://lists.debian.org/4c5255be.3020...@chello.at



Re: How to get rid of this firewall error.

2010-07-29 Thread Ramasubramanian Ramesh

It would have helped if I actually included the message :-) Here it is:

[2709614.616138] IN=eth1 OUT= 
MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.1 
DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 PROTO=ICMP 
TYPE=8 CODE=0 ID=60352 SEQ=0


192.168.1.47 is my firewall connected to the DSL modem/router (which I 
think must be 192.168.1.1)


Ramesh


Ramasubramanian Ramesh wrote:

Hi:

 My syslog and console window is repeatedly printing the following 
message from my firewall setup. I cannot figure out which program or
service is printing this message. My first preference is to modify the 
source behavior. The second choice is to stop printing the message.
I guess I could edit the firewall script. But, I like to get some 
expert feedback before I proceed this way.


Thanks
Ramesh



Archive: http://lists.debian.org/4c5221a8.2090...@ti.com



How to get rid of this firewall error.

2010-07-29 Thread Ramasubramanian Ramesh

Hi:

 My syslog and console window is repeatedly printing the following 
message from my firewall setup. I cannot figure out which program or
service is printing this message. My first preference is to modify the 
source behavior. The second choice is to stop printing the message.
I guess I could edit the firewall script. But, I like to get some expert 
feedback before I proceed this way.


Thanks
Ramesh


Archive: http://lists.debian.org/4c522072.2070...@ti.com