Re: Don't display firewall messages to screen

2002-09-09 Thread Stephen Rasku

On Saturday 07 September 2002 09:39 pm, Tom Pollerman wrote:

> My RedHat 7.0 /etc/syslog.conf has a default setting to log kernel
> messages to /dev/console, but this line is commented out.
> Is it possible that you HAD been logging to /dev/console, then changed
> it to log to a file (/var/log/messages) without restarting the syslogd
> daemon with:
>
>/etc/rc.d/init.d/syslog restart
>
> Just a shot in the dark.

Unfortunately, this isn't the case.  I have rebooted my system multiple times 
since then and it hasn't fixed the problem.

...Stephen




-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list



Re: Don't display firewall messages to screen

2002-09-09 Thread Stephen Rasku

On Saturday 07 September 2002 07:38 pm, Robert Canary wrote:
> try adding
> *.debug   /var/log/debug.log

I tried that.  It logs the firewall messages (plus some other things) to that 
file.  But it still logs to /var/log/messages and it still logs to the 
screen.  I don't actually want it to log to any additional places.  I just want it 
to stop logging to the screen.

> it is hard to tell which facility to capture, but since you have
> debugging turned on I am guessing it should be in the .debug sub
> facility.

From this firewall message:
Sep  9 19:27:08 hostname kernel: Dropped: IN=eth0 OUT= 
MAC=00:05:xx:xx:xx:xx:00:00:77:95:6e:c6:08:00 SRC=24.68.18.131 
DST=xx.xx.xx.xx LEN=78 TOS=0x00 PREC=0x00 TTL=125 ID=5039 PROTO=UDP SPT=137 
DPT=137 LEN=58

It appears that it is the kernel facility that is being logged.  This makes 
sense since it's a kernel module that does the filtering.

From this portion of my "iptables -L" command

LOG        all  --  anywhere             anywhere           LOG level warning prefix `Dropped:

it appears that it's logging with a priority of 'warning'.  When I wrote that 
I was "debugging" my firewall, I was trying to figure out why it isn't 
working.  For the time being, I am assuming it is because of an incorrect 
firewall rule.  I added a rule to display every received packet so I can see 
what is being received and what is being dropped.  I didn't actually modify 
syslog.conf to log any facilities at the debug level to do this.

>
> You might want to try creating a log file local1 thru local7

I don't think this will make any difference since the firewall rules seem to 
be logging using the kernel facility.

...Stephen







Re: iptables grief

2002-09-08 Thread Stephen Rasku

On Sunday 08 September 2002 02:38 pm, Joe Giles wrote:

> I know this is not in relation to your problem, but I'm new to IPTABLES
> and learning. I have managed to use Firestarter to set up my initial
> rules, then I just modify the firestarter.sh file. However, I read your
> iptables file and noticed that there are numbers within brackets like
> [224:19779]. What are those numbers for?

I think they refer to the number of packets:bytes that that particular rule 
processed.

...Stephen






iptables grief

2002-09-07 Thread Stephen Rasku

I am using the following setup:

Internet
  | 
Cable Modem
  |
  | -- Firewall:  eth0 (IP assigned by DHCP)
  |
Firewall
  |
  | -- Firewall: eth1 (static: 192.168.0.254)
  |
 Null Ethernet Cable 
  |
  | -- Workstation: eth0 (static: 192.168.0.1)
  |
Workstation

From the firewall, I can ping the workstation and I can get full access to the 
Internet.  From the workstation, I can ping the firewall and I can ping 
66.218.71.84 (yahoo) but I can't get Mozilla to work.   I have attached my 
iptables rules.

Any ideas?

...Stephen


# Generated by iptables-save v1.2.4 on Fri May 26 14:19:36 1995
*nat
:PREROUTING ACCEPT [519:42839]
:POSTROUTING ACCEPT [237:15567]
:OUTPUT ACCEPT [236:15705]
[93:7041] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE 
COMMIT
# Completed on Fri May 26 14:19:36 1995
# Generated by iptables-save v1.2.4 on Fri May 26 14:19:36 1995
*filter
:INPUT DROP [224:19779]
:FORWARD DROP [188:12590]
:OUTPUT ACCEPT [1434:107304]
:tcprules - [0:0]
[500:52099] -A INPUT -j tcprules 
[556:47547] -A FORWARD -j tcprules 
[805:74775] -A tcprules -i eth+ -j LOG --log-prefix "Received Packet: " 
[370:39943] -A tcprules -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
[11:953] -A tcprules -i ! eth0 -j ACCEPT 
[90:13372] -A tcprules -i eth0 -j LOG --log-prefix "Dropped: " 
[90:13372] -A tcprules -i eth0 -m state --state INVALID,NEW -j DROP 
COMMIT
# Completed on Fri May 26 14:19:36 1995
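
Reading the bracketed values in the dump above, as an added example that is not part of the original post: iptables-save writes them as [packets:bytes] counters on chain policies and on rules. The function names are hypothetical, and the sample input is the *filter table copied from this page.

```python
import re

# The *filter table from the dump above (copied from the page).
SAVED = """\
*filter
:INPUT DROP [224:19779]
:FORWARD DROP [188:12590]
:OUTPUT ACCEPT [1434:107304]
:tcprules - [0:0]
[500:52099] -A INPUT -j tcprules
[556:47547] -A FORWARD -j tcprules
[805:74775] -A tcprules -i eth+ -j LOG --log-prefix "Received Packet: "
[370:39943] -A tcprules -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[11:953] -A tcprules -i ! eth0 -j ACCEPT
[90:13372] -A tcprules -i eth0 -j LOG --log-prefix "Dropped: "
[90:13372] -A tcprules -i eth0 -m state --state INVALID,NEW -j DROP
COMMIT
"""

# ":CHAIN POLICY [packets:bytes]" and "[packets:bytes] -A CHAIN rule-spec"
POLICY = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")

def parse_counters(text):
    """Return (policies, rules) with packet and byte counters as ints."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = POLICY.match(line)
        if m:
            chain, policy, pkts, nbytes = m.groups()
            policies[chain] = (policy, int(pkts), int(nbytes))
            continue
        m = RULE.match(line)
        if m:
            pkts, nbytes, chain, spec = m.groups()
            rules.append((chain, spec, int(pkts), int(nbytes)))
    return policies, rules

def dropped_packets(policies, rules):
    """Packets dropped by explicit DROP rules and by DROP chain policies."""
    by_rule = sum(p for _, spec, p, _ in rules if spec.endswith("-j DROP"))
    by_policy = sum(p for pol, p, _ in policies.values() if pol == "DROP")
    return by_rule, by_policy

if __name__ == "__main__":
    pols, rls = parse_counters(SAVED)
    print(dropped_packets(pols, rls))
```
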



Don't display firewall messages to screen

2002-09-07 Thread Stephen Rasku

I am in the process of debugging my firewall so I am logging every packet 
received.  However, it is logging to the screen in addition to logging to a 
file. It doesn't matter which virtual terminal I switch to; I still see the 
firewall messages.  I only want it to log to a file.  Any ideas on how to 
accomplish this? 

I am running iptables on Red Hat 7.1.  I have attached my syslog.conf.


# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.*  /var/log/messages

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none  /var/log/messages

# The authpriv file has restricted access.
authpriv.*  /var/log/secure

# Log all the mail messages in one place.
mail.*  /var/log/maillog


# Log cron stuff
cron.*  /var/log/cron

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *

# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit  /var/log/spooler

# Save boot messages also to boot.log
local7.*  /var/log/boot.log
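
Which of these rules a firewall message matches, as an added example that is not part of the original post: the kernel facility and warning level are taken from the thread, the function names are hypothetical, and the matcher covers only the selector forms that appear in this file.

```python
# Added example: sysklogd-style selector matching, limited to the forms
# used in the posted syslog.conf (facility lists, "*", "none", and
# "this priority or higher").
PRIORITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Rules copied from the posted syslog.conf, plus the "*.debug" line
# suggested in the thread.
RULES = [
    ("kern.*", "/var/log/messages"),
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", "*"),
    ("uucp,news.crit", "/var/log/spooler"),
    ("local7.*", "/var/log/boot.log"),
    ("*.debug", "/var/log/debug.log"),
]

def selector_matches(selector, facility, priority):
    """Return True if a facility/priority message is selected."""
    msg_level = PRIORITIES.index(priority)   # lower index = more severe
    selected = False
    for part in selector.split(";"):         # parts are applied left to right
        facilities, _, level = part.rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue                         # part does not name this facility
        if level == "none":
            selected = False                 # "none" clears earlier matches
        elif level == "*" or msg_level <= PRIORITIES.index(level):
            selected = True
    return selected

def destinations(facility, priority, rules=RULES):
    """List the action of every rule whose selector matches the message."""
    return [action for sel, action in rules
            if selector_matches(sel, facility, priority)]

if __name__ == "__main__":
    # The LOG rule quoted in the thread: kernel facility, level warning.
    for dest in destinations("kern", "warning"):
        print(dest)
```

For a kern.warning message this lists /var/log/messages twice and /var/log/debug.log, and no rule names /dev/console. The kernel's own console log level is a separate setting from these syslogd rules.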



Where is ktop?

2002-09-05 Thread Stephen Rasku

I used to have a GUI-based tool which would display the process table (like 
ps) but it would display the processes in parent/child order so you could 
easily follow parent/child up/down the process tree.  I think it might have 
been ktop but I don't seem to have that on my system.  Is there something 
else that does the same thing?  I am running KDE 3.0.0 on Red Hat 7.3.

...Stephen


