SuSE(8.2)firewall2 and Dantz Retrospect client
Greetings all you firewall-pros out there, I'm using SuSE PRO 8.2 on a machine which is partly backed up daily using Dantz Retrospect 6. The server is running on a remote Apple computer in our server HQ. The backup operations seems to work fine. However, the server machine is multicasting some kínd of polls to all the clients, which flood my firewall logs. It looks like this: //: Aug 27 00:11:02 torvalds kernel: SuSE-FW-ILLEGAL-TARGET IN=eth0 OUT= MAC=01:zz:5e:zz:00:zz:00:zz:93:zz:ff:zz:08:zz SRC=AAA.BBB.CCC.DDD DST=224.1.0.38 LEN=224 TOS=0x00 PREC=0x00 TTL=1 ID=3001 PROTO=UDP SPT=59174 DPT=497 LEN=204 :// (thousands of these on different high SPT:s) The Retrospect server AAA.BBB.CCC.DDD is registered among my FW_TRUSTED_NETS and the dantz service (sap 497) is in my FW_ALLOW_INCOMING_HIGHPORTS_UDP. I suspect, however, that it is the multicast DST address 224.1.0.38 that screws things up. Does anyone have any suggestions on how to deal with this in my client config, so that my syslog can get some rest? Thanks in advance -- Ch
Hello, On Wednesday 27 August 2003 11:17, Christian Andersson wrote:
Greetings all you firewall-pros out there,
I'm using SuSE PRO 8.2 on a machine which is partly backed up daily using Dantz Retrospect 6. The server is running on a remote Apple computer in our server HQ. The backup operations seems to work fine.
However, the server machine is multicasting some kínd of polls to all the clients, which flood my firewall logs. It looks like this:
//: Aug 27 00:11:02 torvalds kernel: SuSE-FW-ILLEGAL-TARGET IN=eth0 OUT= MAC=01:zz:5e:zz:00:zz:00:zz:93:zz:ff:zz:08:zz SRC=AAA.BBB.CCC.DDD DST=224.1.0.38 LEN=224 TOS=0x00 PREC=0x00 TTL=1 ID=3001 PROTO=UDP SPT=59174 DPT=497 LEN=204 :// (thousands of these on different high SPT:s)
The Retrospect server AAA.BBB.CCC.DDD is registered among my FW_TRUSTED_NETS and the dantz service (sap 497) is in my FW_ALLOW_INCOMING_HIGHPORTS_UDP. I suspect, however, that it is the multicast DST address 224.1.0.38 that screws things up.
Does anyone have any suggestions on how to deal with this in my client config, so that my syslog can get some rest?
I don't have SuSE 8.2 here but in 8.0 the right place to do this is /etc/sysconfig/scripts/SuSEfirewall2-custom. At the start of that file is a section "fw_custom_before_antispoofing" including a description what it is good for. For example, a line iptables -A INPUT -j ACCEPT -d 224.1.0.38 should help in your case (i.e. stop logging these annoying messages).
Thanks in advance
Regards Martin -- Martin Leweling Westf. Wilhelms-Universitaet Muenster Zentrum fuer Informationsverarbeitung
participants (2)
-
Christian Andersson -
Martin Leweling