Hello

I've just re-installed my own domestic firewall machine. I do that every week or two. It doesn't last much longer than that before it is rooted. That's after using the harden_suse script to help it along a bit.

After re-installing and using it for a couple of days I now find that when I disconnect from the net that I get a message in my /var/log/messages console that says .........

kernel: Packet log: output DENY ippp0 PROTO=17 address.of.my.machine: 61122

and also ...

kernel: Packet log: output DENY ippp0 PROTO=17 address.of.my.machine:61127 address.of.my.ISP:53

I had a look in /etc/services and can't find a reference to port 61122 or 61127. Does anyone know what that is ? Also, does anyone know why I'm getting this message scrolling down the screen all the time ? I notice that it starts up shortly after I boot my workstation which is attached to my own internal network.

Also, can anyone tell me how to get the personal firewall to log messages to /var/log/messages ? I have to use my own firewall script so that I can actually read the log messages in /var/log/messages.

Thanks

-- Richard
Hi Richard,

On 2001.08.10 18:56:09 +0100 Richard Ibbotson wrote:
> Hello
> ...
> After re-installing and using it for a couple of days I now find that when I disconnect from the net that I get a message in my /var/log/messages console that says .........
> kernel: Packet log: output DENY ippp0 PROTO=17 address.of.my.machine: 61122 and also ...
> kernel: Packet log: output DENY ippp0 PROTO=17 address.of.my.machine:61127 address.of.my.ISP:53
> I had a look in /etc/services and can't find a reference to port 61122 or 61127. Does anyone know what that is ? Also, does anyone know why I'm getting this message scrolling down the screen all the time ? I notice that it starts up shortly after I boot my workstation which is attached to my own internal network.
These packets are ( _/ probably \_ ) harmless. They are requests from some process on your machine doing a DNS enquiry to your ISP. Various daemons could be responsible - eg sendmail, xntpd, etc, etc - anything which may need to map an IP address to a hostname. Linux processes use the (generally unreserved) high ports (>60000 ish) to start outgoing connections like this.
> Also, can anyone tell me how to get the personal firewall to log messages to /var/log/messages ? I have to use my own firewall script so that I can actually read the log messages in /var/log/messages.
Nope, coz' I don't use it. Try 'man syslog' - it may be your friend! HTH, Maf.
> Thanks
> -- Richard
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Maf. King Standby Exhibition Services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "It is easier to do a job right than to explain why you didn't." - Martin Van Buren ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
maf king wrote:
>> kernel: Packet log: output DENY ippp0 PROTO=17 address.of.my.machine:61127 address.of.my.ISP:53
To OP: Provide the log entries, as they are, not interpreted and cut
> These packets are ( _/ probably \_ ) harmless. They are requests from some process on your machine doing a DNS enquiry to your ISP. Various daemons could be responsible - eg sendmail, xntpd, etc, etc - anything which may need to map an IP address to a hostname.
DNS is correct, but ...
> Linux processes use the (generally unreserved) high ports (>60000 ish) to start outgoing connections like this.
... ports in this range are from masqueraded connections. If domain queries are rejected, this machine would not be very useful on the internet.

HTH
leo
Hi List,

On 2001.08.11 10:01:08 +0100 Leopold Toetsch wrote:
> maf king wrote:
>> Linux processes use the (generally unreserved) high ports (>60000 ish) to start outgoing connections like this.
> ... ports in this range are from masqueraded connections.
You are quite right, Leo, my mistake :-(
> If domain queries are rejected, this machine would not be very useful on the internet.
But if you are on the end of a dial-up line, you don't want any old DNS queries costing you money by bringing the line up - so it makes sense to block such packets when the line is down and the machine is *not* on the internet... Maf.
> HTH leo
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Maf. King Standby Exhibition Services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "It is easier to do a job right than to explain why you didn't." - Martin Van Buren ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
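Added example (not part of the thread and not any poster's code): a Python script that parses raw ipchains packet-log lines of the kind discussed above and splits blocked DNS queries by source port, following Leo's point that high ports in this range come from masqueraded connections. The 61000-65095 range (the stock Linux 2.2 masquerading default) and the sample lines, which use documentation addresses, are assumptions made for the example.

```python
import re
from collections import Counter

# Assumption (not from the thread): stock Linux 2.2 masquerading allocates
# source ports 61000 through 65095.
MASQ_PORTS = range(61000, 65096)

# ipchains log layout: chain, target, interface, IP protocol, src, dst.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse(line):
    """Return the fields of one ipchains packet-log line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def classify(rec):
    """Label a record as (traffic kind, likely origin of the packet)."""
    if rec["proto"] not in (6, 17):   # port fields only mean ports for TCP/UDP
        return ("other", "n/a")
    kind = "dns-query" if rec["dport"] == 53 else "other"
    origin = "masqueraded" if rec["sport"] in MASQ_PORTS else "local"
    return (kind, origin)

def summarise(lines):
    """Count blocked packets per (kind, origin); accepted packets are skipped."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["target"] in ("DENY", "REJECT"):
            counts[classify(rec)] += 1
    return counts

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE = [
    "Aug 10 18:40:01 fw kernel: Packet log: output DENY ippp0 PROTO=17 192.0.2.10:61122 198.51.100.53:53 L=58 S=0x00 I=411 F=0x0000 T=63 (#3)",
    "Aug 10 18:40:06 fw kernel: Packet log: output DENY ippp0 PROTO=17 192.0.2.10:61127 198.51.100.53:53 L=58 S=0x00 I=412 F=0x0000 T=63 (#3)",
    "Aug 10 18:41:10 fw kernel: Packet log: output DENY ippp0 PROTO=17 192.0.2.10:1026 198.51.100.53:53 L=61 S=0x00 I=97 F=0x0000 T=64 (#3)",
    "Aug 10 18:41:30 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.1.2:1030 192.168.1.1:22 L=60 S=0x00 I=88 F=0x4000 T=64 (#1)",
    "Aug 10 18:42:02 fw kernel: Packet log: output DENY ippp0 PROTO=6 192.0.2.10:61500 203.0.113.5:80 L=60 S=0x00 I=413 F=0x4000 T=63 (#3)",
]
```

`summarise(SAMPLE)` returns the per-category counts. Lines with the addresses replaced by text, as in the original post, do not match the pattern, so it needs the log entries as written by the kernel.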