Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] What is the meaning of these firewall log entries?
On Thu, Feb 11, 2016 at 02:43:27PM +0100, Carlos E. R. wrote:


(192.168.1.14)
<0.4> 2016-02-10 15:12:20 Telcontar kernel - - - [962406.171985]
SFW2-INext-DROP-DEFLT IN=eth0 OUT=
MAC=00:21:85:16:2d:0b:00:03:0d:05:17:fc:08:00 SRC=192.168.1.15
DST=192.168.1.14 LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=16013 PROTO=ICMP TYPE=3
CODE=3 [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 TTL=64
ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]
<0.4> 2016-02-10 15:12:20 Telcontar kernel - - - [962406.172846]
SFW2-INext-DROP-DEFLT IN=eth0 OUT=
MAC=00:21:85:16:2d:0b:00:03:0d:05:17:fc:08:00 SRC=192.168.1.15
DST=192.168.1.14 LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=16014 PROTO=ICMP TYPE=3
CODE=3 [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 TTL=64
ID=3129 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]

udp port 6666 is open on the firewall on both machines. It corresponds
to "netconsole", which should be sending kernel log entries to another
machine (192.168.1.15), where I run this to capture entries:


netcat -u -l 6666 | tee -a remote_log



On sending machine (192.168.1.14) I do, for testing (netconsole fails):

netcat -u 192.168.1.15 6666
Hello world
^C

and it is printed on 192.168.1.15, thus the firewall is open. Right?
Then why those drops in the firewall?
Maybe that's the reason that netconsole is failing.

Both machines run 13.1.
This same setup worked last December.

It is an ICMP message. TYPE=3 CODE=3 is "destination/port not reachable".

It was caused by a connection from 192.168.1.14 to 192.168.1.15 in UDP mode,
port 6666:
[SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 TTL=64
ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]

Ciao, Marcus
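
The reading above, as an added example that is not part of the original mail: a small Python parser that splits a netfilter log entry into the logged ICMP packet and the original packet quoted in brackets, then names the ICMP code. The function names are hypothetical, and the sample is the first log entry from the thread re-joined onto one line.

```python
import re

# Constructed input: the first drop entry quoted in the post, re-joined onto one line.
SAMPLE = (
    "<0.4> 2016-02-10 15:12:20 Telcontar kernel - - - [962406.171985] "
    "SFW2-INext-DROP-DEFLT IN=eth0 OUT= "
    "MAC=00:21:85:16:2d:0b:00:03:0d:05:17:fc:08:00 SRC=192.168.1.15 "
    "DST=192.168.1.14 LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=16013 PROTO=ICMP "
    "TYPE=3 CODE=3 [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]"
)

# ICMP type 3 (destination unreachable) codes, RFC 792 / RFC 1122.
UNREACH = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
           3: "port unreachable", 4: "fragmentation needed",
           13: "administratively prohibited"}

KV = re.compile(r"(\w+)=(\S*)")
# The quoted packet starts with "[SRC="; the kernel timestamp "[962406.17...]" does not.
EMBEDDED = re.compile(r"\[(SRC=[^\]]*)\]")

def _fields(text):
    out = {}
    for key, value in KV.findall(text):
        out.setdefault(key, value)  # first LEN is the IP length, the later one is UDP's
    return out

def parse_drop(line):
    """Return (outer, inner): fields of the logged packet and of the packet it quotes."""
    m = EMBEDDED.search(line)
    if not m:
        return _fields(line), None
    return _fields(line[:m.start()]), _fields(m.group(1))

def explain(line):
    """Summarise an ICMP destination-unreachable entry, or None for anything else."""
    outer, inner = parse_drop(line)
    if inner is None or outer.get("PROTO") != "ICMP" or outer.get("TYPE") != "3":
        return None
    code = int(outer.get("CODE", -1))
    return {
        "reporter": outer.get("SRC"),
        "reason": UNREACH.get(code, "code %d" % code),
        "proto": inner.get("PROTO"),
        "orig_src": inner.get("SRC"),
        "orig_dst": inner.get("DST"),
        "dport": int(inner["DPT"]) if "DPT" in inner else None,
        # A port-unreachable normally comes from the host the packet was sent to.
        "from_destination": outer.get("SRC") == inner.get("DST"),
    }

if __name__ == "__main__":
    print(explain(SAMPLE))
```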