RE: [opensuse] errors from dmesg
On 2007-04-20 11:59, James D. Parra wrote:
Hello,
Getting strange error messages from dmesg;
SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.20.6 DST=192.168.20.129 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=143 DPT=2502 WINDOW=0 RES=0x00 RST URGP=0 SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.20.6 DST=192.168.20.220 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=143 DPT=2812 WINDOW=0 RES=0x00 RST URGP=0 SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.20.6 DST=192.168.20.253 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=143 DPT=1225 WINDOW=0 RES=0x00 RST URGP=0
The NIC is a 3Com 1000m.
What do they mean?
Thank you,
James
These are reply packets from IMAP to remote systems, but the firewall is not aware of any connections initiated by the remote systems to the IMAP port, 143 (see note). Check to see that you have the connection tracking module loaded (lsmod |grep conntrack, the module name is ip_conntrack.) The firewall script should ensure that it is loaded, but make sure anyway. Note: a NEW connection in always indicated by the presence of the term SYN in a firewall log entry such as the above examples. It is not present in your examples, therefore these connections must be related to an existing connection or the firewall considers them to be in error, and logs them as such. According to what I see in the firewall script, they will have been sent anyway, the log entry is just for your information, so you can check the system for potential errors (and there is an error somewhere, or you would not be getting these log entries -- what that error might be I do not know, other than to suggest verifying the conntrack module is loaded). ~~~~ Thanks for the detailed response. The module 'contrack' is not loaded, however the firewall is not on. Any clues? Best regards, ~James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2007-04-20 at 14:36 -0700, James D. Parra wrote:
Thanks for the detailed response. The module 'contrack' is not loaded, however the firewall is not on.
Huh? That answer is inconsistent: if the firewall is not on, as you say, then the module 'contrack' will not be loaded, and there will not be any messages from the firewall on the log - and as you posted a message from the firewall, what you just said can not be true. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGKT56tTMYHG2NR9URArGRAJ9m67vUc1kKRrPdLnkkEYTwLI84FgCfTpzD LiRXR5OjTFL319EyKGdNBbs= =podr -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2007-04-20 15:36, James D. Parra wrote:
<snip>
Thanks for the detailed response. The module 'contrack' is not loaded, however the firewall is not on.
Any clues?
The module is actually named "ip_conntrack", and it is definitely loaded when the SuSEfirewall2 script is run (unless there is a bug in the script in the particular version of SusE you are running). The log entries you quoted are all labelled "SFW2-OUT-ERROR" and that can only come from the SuSEfirewall script. What is the output of: iptables -L -n -- Moral indignation is jealousy with a halo. -- HG Wells -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Carlos E. R.
-
Darryl Gregorash
-
James D. Parra