Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] What is the meaning of these firewall log entries?
On 2016-02-13 04:18, John Andersen wrote:
> On 02/12/2016 11:19 AM, Carlos E. R. wrote:
>> That's why I was interested in these firewall log entries. I know (now)
>> that it is not the first time I have got caught by this issue of icmp,
>> I opened it in the firewall, then I forgot.
>> Sigh.
>
> Are we sure that netconsole is involved at all in the icmp issue?

Well, it is configured to use the 6666 port and those machines, as printed in
the firewall log message, so the assumption is that it is involved, yes.

Other log entries, that show netconsole is in use in that port:

<0.6> 2016-02-12 19:53:22 Telcontar kernel - - - [1047826.543640] netconsole: network logging stopped on interface eth0 as it unregistered
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069431] netpoll: netconsole: local port 6666
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069440] netpoll: netconsole: local IPv4 address 192.168.1.14
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069441] netpoll: netconsole: interface 'eth0'
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069442] netpoll: netconsole: remote port 6666
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069444] netpoll: netconsole: remote IPv4 address 192.168.1.15
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069445] netpoll: netconsole: remote ethernet address 00:03:0d:05:17:fc
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069477] console [netcon0] enabled
<0.6> 2016-02-12 19:53:32 Telcontar kernel - - - [1047837.069478] netconsole: network logging started
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213903] netpoll: netconsole: local port 6665
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213906] netpoll: netconsole: local IPv4 address 0.0.0.0
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213908] netpoll: netconsole: interface 'eth0'
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213909] netpoll: netconsole: remote port 6666
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213910] netpoll: netconsole: remote IPv4 address 192.168.1.15
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213912] netpoll: netconsole: remote ethernet address 00:03:0d:05:17:fc
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213914] netpoll: netconsole: local IP 192.168.1.14
<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213916] netconsole: network logging started



> You only see the messages because your firewall blocks icmp.
> Were you not blocking, they would just go through and you would never know.

Well, yes, but not now. I have explicitly opened icmp, but I have to wait a day
or more to see if there are more entries in the log.


> DHCP servers ping before leasing an IP, just to make sure no one manually
> assigned it. There are probably more legitimate uses for ping on your network
> as well.

Ping was never blocked. It was ICMP which was blocked, but not ping.


> It's uncommon to block icmp on your LAN, but common to block it on your Public
> facing NIC.

I treat all internal interfaces as external, because I do not trust the
firewall on the router, which is provided by my ISP. I have little control over
it, and it does not receive security updates, AFAIK.

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
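
Added example, not part of the original message and not code from the kernel or from either poster: one way to turn the netpoll lines quoted above into the UDP flows each netconsole target sends, so they can be compared with the addresses and ports in firewall log entries. The function names `parse_targets` and `udp_flows` are hypothetical, and the sample is constructed in the quoted log format.

```python
import re

# Constructed sample in the format of the kernel lines quoted in the message.
PREFIX = "<0.6> 2016-02-12 19:53:47 Telcontar kernel - - - [1047852.213903] "
SAMPLE = "\n".join(PREFIX + m for m in [
    "netpoll: netconsole: local port 6666",
    "netpoll: netconsole: local IPv4 address 192.168.1.14",
    "netpoll: netconsole: interface 'eth0'",
    "netpoll: netconsole: remote port 6666",
    "netpoll: netconsole: remote IPv4 address 192.168.1.15",
    "netconsole: network logging started",
    "netpoll: netconsole: local port 6665",
    "netpoll: netconsole: local IPv4 address 0.0.0.0",
    "netpoll: netconsole: remote port 6666",
    "netpoll: netconsole: remote IPv4 address 192.168.1.15",
    "netpoll: netconsole: local IP 192.168.1.14",
    "netconsole: network logging started",
])

FIELD = re.compile(
    r"netpoll: netconsole: (local port|local IPv4 address|local IP|interface|"
    r"remote port|remote IPv4 address|remote ethernet address) (\S+)\s*$")
STARTED = re.compile(r"netconsole: network logging started\s*$")

def parse_targets(text):
    """Group netpoll lines into one dict per netconsole target."""
    targets, cur = [], {}
    for line in text.splitlines():
        m = FIELD.search(line)
        if m and m.group(1) == "local port" and cur:
            targets.append(cur)  # a new block began before 'started' was seen
            cur = {}
        if m:
            cur[m.group(1)] = m.group(2).strip("'")
        elif STARTED.search(line) and cur:
            targets.append(cur)
            cur = {}
    return targets + ([cur] if cur else [])

def udp_flows(targets):
    """Return (src_ip, src_port, dst_ip, dst_port) per target; netconsole sends UDP."""
    flows = []
    for t in targets:
        # In the quoted log, 0.0.0.0 is followed by a 'local IP' line with the real address.
        src = t.get("local IP") or t.get("local IPv4 address")
        flows.append((src, int(t["local port"]), t["remote IPv4 address"], int(t["remote port"])))
    return flows

if __name__ == "__main__":
    print(udp_flows(parse_targets(SAMPLE)))
```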
