Re: [SLE] SuSEfirewall2 logging

From: David Krider (david_at_davidkrider.com)
Date: 09/14/03

  • Next message: Sid Boyce: "Re: [SLE] Black screen after NVidia update - 2nd posting"
    To: suse-linux-e@suse.com
    Date: 13 Sep 2003 17:26:18 -0500
    
    

    On Fri, 2003-09-12 at 18:40, Carlos E. R. wrote:
    > The 03.09.12 at 13:53, David Krider wrote:
    >
    > > > FW_LOG_ACCEPT_CRIT="yes"
    > > > FW_LOG_ACCEPT_ALL="no"
    > >
    > > I was afraid of this. Both of these entries are set to no in my config
    > > file, yet I continue to get the reports in my log. Any other ideas?
    >
    > On a machine I set up for a friend, I discovered I was adjusting
    > susefirewall2, and he was using the other one, because it was setup
    > automatically by yast after changing something on the network setup.

    I have stopped and restarted this thing many times in trying to sort
    this out. That alleviates one response. I haven't run SuSEconfig in any
    of this, so that should rule out the /etc/sysconfig/SuSEfirewall2 script
    getting rewritten on the fly.

    I use the following two rules in FW_FORWARD to get NFS passed between my
    DMZ and my internal network:

    192.168.1.0/24,192.168.1.2,udp,1:65535
    192.168.1.2,192.168.4.0/24,udp,800

    The interesting thing to me is that the only thing that I keep getting
    FW-ACCEPT messages for are the responses from port 800 in my DMZ back to
    my internal network. They always look like this:

    Sep 13 17:21:39 reliant kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0
    SRC=192.168.1.2 DST=192.168.4.200 LEN=148 TOS=0x00 PREC=0x00 TTL=63
    ID=30811 DF PROTO=UDP SPT=2049 DPT=800 LEN=128

    My guess is that this has something to do with the fact that it's UDP
    traffic, or that it's a low port, but I also have this rule for printing
    from Samba:

    192.168.1.2,192.168.4.0/24,udp,137

    And I never get any messages about that one. I also do NOT get the
    messages when I access the NFS share from the firewall. This is being
    taken care of here:

    FW_SERVICES_DMZ_UDP="domain 600:1023"

    Again, anyone know why I'd get those messages for that one rule, and not
    the others? Perhaps I should send this to the maintainer of
    SuSEfirewall2?

    Regards,
    dk

    -- 
    Check the headers for your unsubscription address
    For additional commands send e-mail to suse-linux-e-help@suse.com
    Also check the archives at http://lists.suse.com
    Please read the FAQs: suse-linux-e-faq@suse.com
    

  • Next message: Sid Boyce: "Re: [SLE] Black screen after NVidia update - 2nd posting"