Re: Where is /dev/console in F8? --> iptables denial of nfs connection
- From: Bob Kinney <bc98kinney@xxxxxxxxx>
- Date: Thu, 24 Jan 2008 17:15:31 -0800 (PST)
--- "Kevin J. Cummings" <cummings@xxxxxxxxxxxxxxxxxx> wrote:
Bob Kinney wrote:
--- Bob Kinney <bc98kinney@xxxxxxxxx> wrote:
OK, I figured out that xconsole will provide a console window, though I'm
surprised that there isn't a default output for it.
IIRC, by default, /dev/console is VC1, because that's the console that
the system boots up on. If you Ctrl-Alt-F1, do you see any messages?
I usually run an xterm with the -C option to transfer the console to one
of my X windows when I start X. Yes, xconsole is another tool you can use.
So I turned on kernel message logging to the console via the rsyslog.conf file.
When I try to nfs mount to this machine, though, it times out unless I
stop the iptables service. When iptables is on I don't get any messages on the
console window, so I can't see the reason for the denial. hmmph.
I don't know what level of message you are looking for, but you might
try playing with your rsyslog.conf to log more messages to the console.
By default, only critical or emergency messages go to the console,
everything else goes to the log file only, or is suppressed unless you
configure it. You'll have to check your configuration file to be sure.
In general, I'm disappointed at what actually gets logged sometimes. I
have programs die with no visible errors and nothing in my logs. Kinda
makes it a guessing game as to what went wrong. OTOH, my logs are also
full of useful information from other sources.
--
Kevin J. Cummings
kjchome@xxxxxxx
cummings@xxxxxxxxxxxxxxxxxx
cummings@xxxxxxxxxxxxxxxxxxxxxxx
Registered Linux User #1232 (http://counter.li.org)
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
My VC1 only shows a login prompt. No additional messages were shown there.
I did, however, get messages on the xconsole window.
I modified my rsyslog.conf a'la
http://www.iptablesrocks.org/guide/preparation.php
except that I left the default configuration's choice to output to
/dev/console:
-------
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.debug;kern.info /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
----
I restarted both rsyslogd and iptables, hoping that I would see messages
reflecting the apparent connection denials stemming from my system-generated
config:
-----------------
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-----------
I still haven't got my brain around the whole iptables configuration, but right
off I notice that there are no directives to actually log anything. Being a
rookie, I like to keep things as stock as possible (so as not to blow up the
GUI config program), so where would you put the LOG directive in this setup?
Regards,
--bobcat
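
An added example, not part of the original post, for the question of where a LOG rule belongs in a ruleset of this shape: directly before each chain's catch-all REJECT. The script also shows how to read the refused destination ports out of the resulting kernel log lines. The `FW-REJECT: ` prefix, the 10/minute limit, the sample addresses and the log lines are assumptions constructed for illustration; the script only transforms text and does not edit `/etc/sysconfig/iptables`.

```shell
#!/bin/sh
# Added example. RULES is a constructed tail of a ruleset shaped like the one above.
RULES='-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# LOG is a non-terminating target: the packet is logged and then falls through
# to the next rule. Placing it directly before a chain's catch-all REJECT/DROP
# therefore logs only traffic that no earlier ACCEPT rule matched.
# The limit match keeps a burst of refused packets from flooding the console.
add_log_rules() {
    awk '
    $1 == "-A" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
        printf "-A %s -m limit --limit 10/minute -j LOG", $2
        printf " --log-prefix \"FW-REJECT: \" --log-level info\n"
    }
    { print }'
}

# Constructed, abbreviated kernel log lines in the format the LOG target writes.
LOGS='Jan 24 17:20:01 host kernel: FW-REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=1001 DPT=32771 SYN
Jan 24 17:20:04 host kernel: FW-REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=1001 DPT=32771 SYN
Jan 24 17:20:09 host kernel: FW-REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TTL=64 PROTO=UDP SPT=1002 DPT=32769 LEN=64
Jan 24 17:20:10 host kernel: eth0: link up'

# Summarise refused packets as "count PROTO/DPT", most frequent first.
rejected_ports() {
    grep 'FW-REJECT: ' | awk '{
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        if (proto != "" && dpt != "") print proto "/" dpt
    }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

printf '%s\n' "$RULES" | add_log_rules   # ruleset with LOG rules inserted
printf '%s\n' "$LOGS" | rejected_ports   # which ports the firewall refused
```

With the `kern.debug` selector in the rsyslog.conf quoted above, messages logged at `--log-level info` are sent to /dev/console along with the rest of the kernel messages.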