Re: [opensuse] What is the meaning of these firewall log entries?
On 02/11/2016 05:48 AM, Marcus Meissner wrote:
On Thu, Feb 11, 2016 at 02:43:27PM +0100, Carlos E. R. wrote:


(192.168.1.14)
<0.4> 2016-02-10 15:12:20 Telcontar kernel - - - [962406.171985]
SFW2-INext-DROP-DEFLT IN=eth0 OUT=
MAC=00:21:85:16:2d:0b:00:03:0d:05:17:fc:08:00 SRC=192.168.1.15
DST=192.168.1.14 LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=16013 PROTO=ICMP
TYPE=3 CODE=3 [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00
TTL=64 ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]
<0.4> 2016-02-10 15:12:20 Telcontar kernel - - - [962406.172846]
SFW2-INext-DROP-DEFLT IN=eth0 OUT=
MAC=00:21:85:16:2d:0b:00:03:0d:05:17:fc:08:00 SRC=192.168.1.15
DST=192.168.1.14 LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=16014 PROTO=ICMP
TYPE=3 CODE=3 [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00
TTL=64 ID=3129 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]

udp port 6666 is open on the firewall on both machines. It corresponds
to "netconsole", which should be sending kernel log entries to another
machine (192.168.1.15), where I run this to capture entries:


netcat -u -l 6666 | tee -a remote_log



On sending machine (192.168.1.14) I do, for testing (netconsole fails):

netcat -u 192.168.1.15 6666
Hello world
^C

and it is printed on 192.168.1.15, thus the firewall is open. Right?
Then why those drops in the firewall?
Maybe that's the reason that netconsole is failing.

Both machines run 13.1.
This same setup worked last December.

It is an ICMP message. TYPE=3 CODE=3 is "destination/port not reachable".

It was caused by a connection from 192.168.1.14 to 192.168.1.15 in UDP mode,
port 6666:
[SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 TTL=64
ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]

Ciao, Marcus


Could be the firewall dropping icmp on that interface, not realizing it is
needed by some packages. Dropping ICMP at machines that are behind your main
internet firewall is often less than productive.

--
After all is said and done, more is said than done.
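
Added example (not part of the original thread, and not code from any poster): each log entry quoted above carries two packets, the dropped ICMP error and, in square brackets, the header of the UDP packet that triggered it. This Python code splits one of those entries and names the ICMP code; the function names and the RFC 792 code table are this example's own, and SAMPLE is the first quoted entry joined onto one line.

```python
import re

# ICMP Destination Unreachable (type 3) codes from RFC 792 (subset).
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}

# Constructed sample: the first log entry quoted in the thread, joined onto one line.
SAMPLE = ("<0.4> 2016-02-10 15:12:20 Telcontar kernel - - - [962406.171985] "
          "SFW2-INext-DROP-DEFLT IN=eth0 OUT= "
          "MAC=00:21:85:16:2d:0b:00:03:0d:05:17:fc:08:00 SRC=192.168.1.15 "
          "DST=192.168.1.14 LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=16013 PROTO=ICMP "
          "TYPE=3 CODE=3 [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 "
          "TTL=64 ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]")

KV = re.compile(r"(\w+)=(\S*)")

def parse_fields(text):
    """Turn 'KEY=value KEY=value' text into a dict (first occurrence wins)."""
    fields = {}
    for key, value in KV.findall(text):
        fields.setdefault(key, value)  # e.g. IP LEN is kept, the later UDP LEN is not
    return fields

def parse_entry(line):
    """Split a netfilter LOG line into the logged packet and the packet quoted in [...]."""
    m = re.search(r"\[(SRC=[^\]]*)\]", line)  # skips the [uptime] stamp: no SRC= in it
    inner = parse_fields(m.group(1)) if m else None
    outer = parse_fields(line[:m.start()] if m else line)
    prefix = re.search(r"(\S+) IN=", line)    # the log prefix sits right before IN=
    outer["RULE"] = prefix.group(1) if prefix else ""
    return outer, inner

def explain(line):
    """Describe a logged ICMP error in terms of the original packet that caused it."""
    outer, inner = parse_entry(line)
    if outer.get("PROTO") != "ICMP" or outer.get("TYPE") != "3" or inner is None:
        return None
    reason = UNREACH_CODES.get(int(outer["CODE"]), "code " + outer["CODE"])
    return (f"{outer['RULE']}: {outer['SRC']} answered '{reason}' to "
            f"{inner['PROTO']} {inner['SRC']}:{inner['SPT']} -> "
            f"{inner['DST']}:{inner['DPT']}")

if __name__ == "__main__":
    print(explain(SAMPLE))
```
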