Re: [SLE] SuSEfirewall2 logging
From: David Krider (david_at_davidkrider.com)
Date: 09/14/03
To: suse-linux-e@suse.com
Date: 13 Sep 2003 17:26:18 -0500

On Fri, 2003-09-12 at 18:40, Carlos E. R. wrote:
> The 03.09.12 at 13:53, David Krider wrote:
>
> > > FW_LOG_ACCEPT_CRIT="yes"
> > > FW_LOG_ACCEPT_ALL="no"
> >
> > I was afraid of this. Both of these entries are set to no in my config
> > file, yet I continue to get the reports in my log. Any other ideas?
>
> On a machine I set up for a friend, I discovered I was adjusting
> susefirewall2, and he was using the other one, because it was set up
> automatically by yast after changing something on the network setup.

I have stopped and restarted this thing many times in trying to sort
this out. That alleviates one response. I haven't run SuSEconfig in any
of this, so that should rule out the /etc/sysconfig/SuSEfirewall2 script
getting rewritten on the fly.

I use the following two rules in FW_FORWARD to get NFS passed between my
DMZ and my internal network:

    192.168.1.0/24,192.168.1.2,udp,1:65535
    192.168.1.2,192.168.4.0/24,udp,800

The interesting thing to me is that the only thing that I keep getting
FW-ACCEPT messages for are the responses from port 800 in my DMZ back to
my internal network. They always look like this:

    Sep 13 17:21:39 reliant kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0
    SRC=192.168.1.2 DST=192.168.4.200 LEN=148 TOS=0x00 PREC=0x00 TTL=63
    ID=30811 DF PROTO=UDP SPT=2049 DPT=800 LEN=128

My guess is that this has something to do with the fact that it's UDP
traffic, or that it's a low port, but I also have this rule for printing
from Samba:

    192.168.1.2,192.168.4.0/24,udp,137

And I never get any messages about that one. I also do NOT get the
messages when I access the NFS share from the firewall. This is being
taken care of here:

    FW_SERVICES_DMZ_UDP="domain 600:1023"

Again, anyone know why I'd get those messages for that one rule, and not
the others? Perhaps I should send this to the maintainer of
SuSEfirewall2?

Regards,
dk
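
Added example, not part of the original message and not SuSEfirewall2 code: a Python sketch that parses SuSE-FW-ACCEPT kernel log lines like the one quoted above and reports which FW_FORWARD entry each logged packet matches. It assumes the four comma-separated fields are source, destination, protocol and destination port (or a low:high range); the function names are hypothetical.

```python
import ipaddress
import re

# FW_FORWARD entries quoted in the message above.
FW_FORWARD = [
    "192.168.1.0/24,192.168.1.2,udp,1:65535",
    "192.168.1.2,192.168.4.0/24,udp,800",
    "192.168.1.2,192.168.4.0/24,udp,137",
]
KV = re.compile(r"(\w+)=(\S*)")

def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict."""
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP-level one
    return fields

def parse_rule(entry):
    """Split 'src,dst,proto,port' (assumed field order) into matchable parts."""
    src, dst, proto, port = entry.split(",")
    low, _, high = port.partition(":")
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst),
            proto.lower(), int(low), int(high or low))

def matching_rules(line, entries=FW_FORWARD):
    """List the FW_FORWARD entries whose fields all match the logged packet."""
    pkt = parse_log(line)
    if not {"SRC", "DST", "PROTO", "DPT"} <= pkt.keys():
        return []  # not a TCP/UDP packet log line
    hits = []
    for entry in entries:
        src, dst, proto, low, high = parse_rule(entry)
        if (ipaddress.ip_address(pkt["SRC"]) in src
                and ipaddress.ip_address(pkt["DST"]) in dst
                and pkt["PROTO"].lower() == proto
                and low <= int(pkt["DPT"]) <= high):
            hits.append(entry)
    return hits

# The log line from the message, joined onto one line.
SAMPLE = ("Sep 13 17:21:39 reliant kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0 "
          "SRC=192.168.1.2 DST=192.168.4.200 LEN=148 TOS=0x00 PREC=0x00 TTL=63 "
          "ID=30811 DF PROTO=UDP SPT=2049 DPT=800 LEN=128")

if __name__ == "__main__":
    print(matching_rules(SAMPLE))
```

Feeding it the SuSE-FW-ACCEPT lines from /var/log/messages gives a per-rule tally, which makes it easy to confirm that only the port 800 entry is producing log output.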