Mailinglist Archive: opensuse-security (465 mails)
| < Previous | Next > |
Where does SuSEfirewall2 log dropped packets???
- From: Monte Milanuk <milanuk@xxxxxxxxx>
- Date: Sat, 22 Dec 2001 21:08:04 -0800 (PST)
- Message-id: <Pine.LNX.4.33.0112222102020.29459-100000@xxxxxxxxxxxxxxxxxxxxx>
I am attempting to figure out what is causing my SuSEfirewall2 to not work
w/ a given service. I set the logging options to the following:
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix
SuSE-FW
but the only thing firewall related that shows up in /var/log/firewall (or
/var/log/messages is this:
Dec 22 11:56:22 lansvr kernel: SuSE-FW-ACCEPTIN=eth0 OUT=
MAC=00:a0:cc:3b:b4:0b:00:10:5a:11:8a:bc:08:00 SRC=192.168.1.3
DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20416 DF PROTO=TCP
SPT=893 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
(020405B40402080A0998BD690000000001030300)
The source port (SPT) is about the only thing that really varies. It is
supposed to be an rpc.mount command over NFS, but it's not working w/
SuSEfirewall2 just yet. And w/ no more than this, a single logged packet
that _looks_ like it was accepted, not dropped, I don't know where else to
look.
TIA,
Monte
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
w/ a given service. I set the logging options to the following:
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix
SuSE-FW
but the only thing firewall related that shows up in /var/log/firewall (or
/var/log/messages is this:
Dec 22 11:56:22 lansvr kernel: SuSE-FW-ACCEPTIN=eth0 OUT=
MAC=00:a0:cc:3b:b4:0b:00:10:5a:11:8a:bc:08:00 SRC=192.168.1.3
DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20416 DF PROTO=TCP
SPT=893 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
(020405B40402080A0998BD690000000001030300)
The source port (SPT) is about the only thing that really varies. It is
supposed to be an rpc.mount command over NFS, but it's not working w/
SuSEfirewall2 just yet. And w/ no more than this, a single logged packet
that _looks_ like it was accepted, not dropped, I don't know where else to
look.
TIA,
Monte
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
| < Previous | Next > |