Re: [opensuse] Router firewall vs openSUSE firewall
On 08/28/2012 06:49 AM, James Knott wrote:
Bob Williams wrote:
Is it safe to rely on the router firewall alone, combined with NAT, always accepting that safety is a relative term?
Well, many commercial boxes run on Linux or BSD.
My firewall/router is openSUSE 11.4 on an old Compaq computer. Of course, security in depth can be more secure than a single layer.
My only thought is, "How bad would someone want to get into your system?" Here at home we just rely on the routers firewall. We run the cheap Cisco/Linksys routers with the DDWRT software. It's a bit better than the standard Linksys software. We turn off broadcast for wireless. That way the system is not visible to a casual scan. There's nothing here that would warrant someone spending an excessive amount of time hacking into. -- A veteran is someone who, at one point in their life, wrote a blank check made payable to ‘The United States of America’ for any amount, up to and including their life. _ _... ..._ _ _._ ._ ..... ._.. ... .._ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 14:25, Billie Walsh wrote:
On 08/28/2012 06:49 AM, James Knott wrote:
Bob Williams wrote:
Is it safe to rely on the router firewall alone, combined with NAT, always accepting that safety is a relative term?
Well, many commercial boxes run on Linux or BSD.
My firewall/router is openSUSE 11.4 on an old Compaq computer. Of course, security in depth can be more secure than a single layer.
My only thought is, "How bad would someone want to get into your system?"
Here at home we just rely on the routers firewall. We run the cheap Cisco/Linksys routers with the DDWRT software. It's a bit better than the standard Linksys software. We turn off broadcast for wireless. That way the system is not visible to a casual scan. There's nothing here that would warrant someone spending an excessive amount of time hacking into.
Some time ago I looked at /var/log/messages and was amazed to see someone was running a script to try and get through port 22. Of course, sshd rejected every attempt, but it prompted me to move ssh to a different port. So, there's always someone out there scanning for open ports. Apart from that, I just have the usual amount of personal information on this machine. I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc. Bob -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 06:00am up 16 days 7:10, 1 user, load average: 0.07, 0.08, 0.12 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/28/2012 04:05 PM, Bob Williams wrote:
I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc.
A better approach is to configure the firewall correctly Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 15:09, Togan Muftuoglu wrote:
On 08/28/2012 04:05 PM, Bob Williams wrote:
I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc.
A better approach is to configure the firewall correctly
Togan
Which is what I asked in the original post, but you snipped that bit. So, how do I configure it correctly? Bob -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 06:00am up 16 days 7:10, 1 user, load average: 0.07, 0.08, 0.12 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/28/2012 05:04 PM, Bob Williams wrote:
On 28/08/12 15:09, Togan Muftuoglu wrote:
On 08/28/2012 04:05 PM, Bob Williams wrote:
I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc.
A better approach is to configure the firewall correctly
Togan
Which is what I asked in the original post, but you snipped that bit. So, how do I configure it correctly?
Thank you for believing my psychic powers, but today is a bit cloudy here so how about providing some information of your current setup, grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 16:18, Togan Muftuoglu wrote:
On 08/28/2012 05:04 PM, Bob Williams wrote:
On 28/08/12 15:09, Togan Muftuoglu wrote:
On 08/28/2012 04:05 PM, Bob Williams wrote:
I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc.
A better approach is to configure the firewall correctly
Togan
Which is what I asked in the original post, but you snipped that bit. So, how do I configure it correctly?
Thank you for believing my psychic powers, but today is a bit cloudy here so how about providing some information of your current setup,
grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
Togan
barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d FW_DEV_EXT="eth0" FW_DEV_INT="" FW_DEV_DMZ="" FW_ROUTE="no" FW_MASQUERADE="no" FW_MASQ_DEV="" FW_MASQ_NETS="" FW_NOMASQ_NETS="" FW_PROTECT_FROM_INT="no" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="igmp" FW_SERVICES_EXT_RPC="" FW_CONFIGURATIONS_EXT="ntp rsync-server sshd" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_DMZ_RPC="" FW_CONFIGURATIONS_DMZ="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_INT_RPC="" FW_CONFIGURATIONS_INT="" FW_SERVICES_DROP_EXT="" FW_SERVICES_DROP_DMZ="" FW_SERVICES_DROP_INT="" FW_SERVICES_REJECT_EXT="" FW_SERVICES_REJECT_DMZ="" FW_SERVICES_REJECT_INT="" FW_SERVICES_ACCEPT_EXT="192.168.1.20,tcp,6600 192.168.1.18,tcp,6600 192.168.1.14,tcp,8200,8200 192.168.1.14,udp,1900,1900 192.168.1.14,udp,8200,8200" FW_SERVICES_ACCEPT_DMZ="" FW_SERVICES_ACCEPT_INT="" FW_SERVICES_ACCEPT_RELATED_EXT="" FW_SERVICES_ACCEPT_RELATED_DMZ="" FW_SERVICES_ACCEPT_RELATED_INT="" FW_TRUSTED_NETS="" FW_FORWARD="" FW_FORWARD_REJECT="" FW_FORWARD_DROP="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG_LIMIT="" FW_LOG="" FW_KERNEL_SECURITY="" FW_STOP_KEEP_ROUTING_STATE="" FW_ALLOW_PING_FW="" FW_ALLOW_PING_DMZ="" FW_ALLOW_PING_EXT="" FW_ALLOW_FW_SOURCEQUENCH="" FW_ALLOW_FW_BROADCAST_EXT="no" FW_ALLOW_FW_BROADCAST_INT="no" FW_ALLOW_FW_BROADCAST_DMZ="no" FW_IGNORE_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_INT="no" FW_IGNORE_FW_BROADCAST_DMZ="no" FW_ALLOW_CLASS_ROUTING="" FW_CUSTOMRULES="" FW_REJECT="" FW_REJECT_INT="" FW_HTB_TUNE_DEV="" FW_IPv6="" FW_IPv6_REJECT_OUTGOING="" FW_IPSEC_TRUST="no" FW_ZONES="" FW_ZONE_DEFAULT='' FW_USE_IPTABLES_BATCH="" FW_LOAD_MODULES="nf_conntrack_netbios_ns" FW_FORWARD_ALWAYS_INOUT_DEV="" FW_FORWARD_ALLOW_BRIDGING="" FW_WRITE_STATUS="" FW_RUNTIME_OVERRIDE="" FW_LO_NOTRACK="" FW_BOOT_FULL_INIT="" barrowhillfarm:~ # This machine is 192.168.1.14. 192.168.1.20 is my laptop running gmpc which connects to an mpd server on 192.168.1.14 through port 6600. the references to tcp and udp traffic through ports 8200 and 1900 are my attempts to let minidlna traffic through. Many thanks for your help. Bob -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 06:00am up 16 days 7:10, 1 user, load average: 0.07, 0.08, 0.12 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/28/2012 06:06 PM, Bob Williams wrote:
barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
This machine is 192.168.1.14.
192.168.1.20 is my laptop running gmpc which connects to an mpd server on 192.168.1.14 through port 6600.
the references to tcp and udp traffic through ports 8200 and 1900 are my attempts to let minidlna traffic through.
Many thanks for your help.
Change the following parameters as below FW_SERVICES_ACCEPT_EXT="" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_ALL="yes" FW_ALLOW_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_EXT="no" then with root privileges /sbin/SuSEfirewall2 start Begin trying to use your application and send the relevant part of the logs, ie if the service is unreachable then find the log entries which are dropped and send them or use susepaste.org which in that case send the paste id Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 17:42, Togan Muftuoglu wrote:
On 08/28/2012 06:06 PM, Bob Williams wrote:
barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
This machine is 192.168.1.14.
192.168.1.20 is my laptop running gmpc which connects to an mpd server on 192.168.1.14 through port 6600.
the references to tcp and udp traffic through ports 8200 and 1900 are my attempts to let minidlna traffic through.
Many thanks for your help.
Change the following parameters as below
FW_SERVICES_ACCEPT_EXT="" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_ALL="yes" FW_ALLOW_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_EXT="no"
then with root privileges /sbin/SuSEfirewall2 start
Begin trying to use your application and send the relevant part of the logs, ie if the service is unreachable then find the log entries which are dropped and send them or use susepaste.org which in that case send the paste id
Togan
The Bluray player at 192.168.1.16 said "No server found", and this is the relevant part of the log: Aug 28 19:13:14 localhost kernel: [18427.980357] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:14 localhost kernel: [18427.980509] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:14 localhost kernel: [18427.980700] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:14 localhost kernel: [18428.347521] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 19:13:14 localhost kernel: [18428.398038] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 19:13:14 localhost kernel: [18428.415520] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 19:13:14 localhost kernel: [18428.449021] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 19:13:14 localhost kernel: [18428.455094] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:14 localhost kernel: [18428.455293] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:14 localhost kernel: [18428.455488] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:14 localhost kernel: [18428.466024] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 19:13:14 localhost kernel: [18428.500169] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 19:13:14 localhost kernel: [18428.517147] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 19:13:14 localhost kernel: [18428.551145] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 19:13:14 localhost kernel: [18428.602227] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 19:13:17 localhost kernel: [18431.512246] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 19:13:17 localhost kernel: [18431.563015] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 19:13:18 localhost kernel: [18431.614043] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 19:13:18 localhost kernel: [18431.615433] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 19:13:18 localhost kernel: [18431.665531] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 19:13:18 localhost kernel: [18431.666026] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 19:13:18 localhost kernel: [18431.716399] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 19:13:18 localhost kernel: [18431.717011] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 19:13:18 localhost kernel: [18431.767191] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 19:13:18 localhost kernel: [18431.968239] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 19:13:18 localhost kernel: [18432.018284] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 19:13:18 localhost kernel: [18432.019097] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 19:13:18 localhost kernel: [18432.069067] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 19:13:18 localhost kernel: [18432.070066] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 19:13:18 localhost kernel: [18432.120026] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 19:13:18 localhost kernel: [18432.171173] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 19:13:18 localhost kernel: [18432.222226] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 19:13:18 localhost kernel: [18432.273214] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 19:13:18 localhost kernel: [18432.321201] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 19:13:18 localhost kernel: [18432.372113] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 19:13:18 localhost kernel: [18432.423088] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 19:13:18 localhost kernel: [18432.524250] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 19:13:18 localhost kernel: [18432.575049] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 19:13:19 localhost kernel: [18432.626031] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 19:13:19 localhost kernel: [18432.674233] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 19:13:19 localhost kernel: [18432.677203] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 19:13:19 localhost kernel: [18432.725065] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 19:13:19 localhost kernel: [18432.728209] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 19:13:19 localhost kernel: [18432.776245] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 19:13:19 localhost kernel: [18432.779225] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 19:13:19 localhost kernel: [18433.030289] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 19:13:19 localhost kernel: [18433.081037] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 19:13:19 localhost kernel: [18433.132098] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 19:13:19 localhost kernel: [18433.183289] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 19:13:19 localhost kernel: [18433.234149] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 19:13:19 localhost kernel: [18433.285147] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 19:13:25 localhost kernel: [18439.331265] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:25 localhost kernel: [18439.331631] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:25 localhost kernel: [18439.331641] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:44 localhost kernel: [18458.455354] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:44 localhost kernel: [18458.455546] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:44 localhost kernel: [18458.455727] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:45 localhost kernel: [18458.716622] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:45 localhost kernel: [18458.716790] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:45 localhost kernel: [18458.716991] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 19:13:56 localhost kernel: [18470.440761] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=00:22:15:95:6f:43:00:50:7f:d3:e5:90:08:00 SRC=87.98.254.133 DST=192.168.1.14 LEN=76 TOS=0x00 PREC=0x00 TTL=55 ID=23160 PROTO=UDP SPT=123 DPT=123 LEN=56 Aug 28 19:14:04 localhost kernel: [18477.730244] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=305 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=285 Aug 28 19:14:04 localhost kernel: [18477.781439] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=314 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=294 Aug 28 19:14:04 localhost kernel: [18477.832500] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=345 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=325 Bob -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 18:00pm up 3:53, 1 user, load average: 0.27, 0.20, 0.20 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/28/2012 08:40 PM, Bob Williams wrote:
On 28/08/12 17:42, Togan Muftuoglu wrote:
On 08/28/2012 06:06 PM, Bob Williams wrote:
barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
This machine is 192.168.1.14.
192.168.1.20 is my laptop running gmpc which connects to an mpd server on 192.168.1.14 through port 6600.
the references to tcp and udp traffic through ports 8200 and 1900 are my attempts to let minidlna traffic through.
Many thanks for your help.
Change the following parameters as below
FW_SERVICES_ACCEPT_EXT="" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_ALL="yes" FW_ALLOW_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_EXT="no"
then with root privileges /sbin/SuSEfirewall2 start
Begin trying to use your application and send the relevant part of the logs, ie if the service is unreachable then find the log entries which are dropped and send them or use susepaste.org which in that case send the paste id
Togan
The Bluray player at 192.168.1.16 said "No server found", and this is the relevant part of the log:
Aug 28 19:13:14 localhost kernel: [18427.980357] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102
without changing anything and with root privileges from the console give these two commands echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 2> /dev/null echo 20 > /proc/sys/net/ipv4/igmp_max_memberships 2> /dev/null Try again and send the relevant part of the logs Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 20:07, Togan Muftuoglu wrote:
On 08/28/2012 08:40 PM, Bob Williams wrote:
On 28/08/12 17:42, Togan Muftuoglu wrote:
On 08/28/2012 06:06 PM, Bob Williams wrote:
barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
This machine is 192.168.1.14.
192.168.1.20 is my laptop running gmpc which connects to an mpd server on 192.168.1.14 through port 6600.
the references to tcp and udp traffic through ports 8200 and 1900 are my attempts to let minidlna traffic through.
Many thanks for your help.
Change the following parameters as below
FW_SERVICES_ACCEPT_EXT="" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_ALL="yes" FW_ALLOW_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_EXT="no"
then with root privileges /sbin/SuSEfirewall2 start
Begin trying to use your application and send the relevant part of the logs, ie if the service is unreachable then find the log entries which are dropped and send them or use susepaste.org which in that case send the paste id
Togan
The Bluray player at 192.168.1.16 said "No server found", and this is the relevant part of the log:
Aug 28 19:13:14 localhost kernel: [18427.980357] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102
without changing anything and with root privileges from the console give these two commands
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 2> /dev/null echo 20 > /proc/sys/net/ipv4/igmp_max_memberships 2> /dev/null
Try again and send the relevant part of the logs
Togan
Aug 28 20:16:59 localhost kernel: [22252.736791] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:16:59 localhost kernel: [22252.736945] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:16:59 localhost kernel: [22252.737171] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:16:59 localhost kernel: [22253.147863] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 20:16:59 localhost kernel: [22253.198465] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 20:16:59 localhost kernel: [22253.249643] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 20:16:59 localhost kernel: [22253.274980] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:16:59 localhost kernel: [22253.275390] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:16:59 localhost kernel: [22253.277783] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:16:59 localhost kernel: [22253.300741] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 20:16:59 localhost kernel: [22253.350792] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 20:16:59 localhost kernel: [22253.351607] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 20:16:59 localhost kernel: [22253.401647] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 20:16:59 localhost kernel: [22253.402675] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 20:16:59 localhost kernel: [22253.452525] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 20:17:02 localhost kernel: [22256.550662] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 20:17:02 localhost kernel: [22256.601464] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 20:17:03 localhost kernel: [22256.652699] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 20:17:03 localhost kernel: [22256.653675] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 20:17:03 localhost kernel: [22256.704489] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 20:17:03 localhost kernel: [22256.755476] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 20:17:03 localhost kernel: [22256.806616] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 20:17:03 localhost kernel: [22256.857607] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 20:17:03 localhost kernel: [22256.903688] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 20:17:03 localhost kernel: [22256.928162] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 20:17:03 localhost kernel: [22256.928748] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:17:03 localhost kernel: [22256.928941] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:17:03 localhost kernel: [22256.929154] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:17:03 localhost kernel: [22256.954606] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 20:17:03 localhost kernel: [22257.008245] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 20:17:03 localhost kernel: [22257.336761] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 20:17:03 localhost kernel: [22257.366862] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 20:17:03 localhost kernel: [22257.398378] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 20:17:03 localhost kernel: [22257.417597] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 20:17:03 localhost kernel: [22257.450602] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 20:17:03 localhost kernel: [22257.468572] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 20:17:03 localhost kernel: [22257.502276] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 20:17:03 localhost kernel: [22257.553052] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 20:17:03 localhost kernel: [22257.603710] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 20:17:04 localhost kernel: [22257.719691] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=304 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=284 Aug 28 20:17:04 localhost kernel: [22257.740775] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308 Aug 28 20:17:04 localhost kernel: [22257.741591] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:7f:d3:e5:90:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=254 ID=12280 PROTO=UDP SPT=67 DPT=68 LEN=308 Aug 28 20:17:04 localhost kernel: [22257.770622] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=313 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=293 Aug 28 20:17:04 localhost kernel: [22257.821565] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=344 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=324 Aug 28 20:17:04 localhost kernel: [22257.859570] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:7f:d3:e5:90:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=254 ID=12281 PROTO=UDP SPT=67 DPT=68 LEN=308 Aug 28 20:17:04 localhost kernel: [22257.960705] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 20:17:04 localhost kernel: [22258.011505] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 20:17:04 localhost kernel: [22258.062469] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 20:17:04 localhost kernel: [22258.115193] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 20:17:04 localhost kernel: [22258.165774] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 20:17:04 localhost kernel: [22258.175116] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308 Aug 28 20:17:04 localhost kernel: [22258.217834] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 20:17:04 localhost kernel: [22258.577954] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=300 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=280 Aug 28 20:17:05 localhost kernel: [22258.628449] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=309 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=289 Aug 28 20:17:05 localhost kernel: [22258.679501] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=356 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=336 Aug 28 20:17:05 localhost kernel: [22258.730633] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=344 Aug 28 20:17:05 localhost kernel: [22258.781582] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=366 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=346 Aug 28 20:17:05 localhost kernel: [22258.832598] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=354 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=2870 DPT=1900 LEN=334 Aug 28 20:17:10 localhost kernel: [22264.051782] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=192.168.1.21 DST=255.255.255.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=16422 PROTO=UDP SPT=17500 DPT=17500 LEN=153 Aug 28 20:17:10 localhost kernel: [22264.054302] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=192.168.1.21 DST=192.168.1.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=16423 PROTO=UDP SPT=17500 DPT=17500 LEN=153 Aug 28 20:17:14 localhost kernel: [22268.183275] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308 Aug 28 20:17:14 localhost kernel: [22268.184371] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:7f:d3:e5:90:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=254 ID=12282 PROTO=UDP SPT=67 DPT=68 LEN=308 Aug 28 20:17:14 localhost kernel: [22268.295404] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:7f:d3:e5:90:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=254 ID=12283 PROTO=UDP SPT=67 DPT=68 LEN=308 Aug 28 20:17:15 localhost kernel: [22268.619254] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308 Aug 28 20:17:21 localhost kernel: [22275.505832] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:22:15:95:6f:43:00:50:7f:d3:e5:90:08:00 SRC=173.194.34.136 DST=192.168.1.14 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=80 DPT=42152 WINDOW=0 RES=0x00 RST URGP=0 Aug 28 20:17:25 localhost kernel: [22278.629745] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308 Aug 28 20:17:25 localhost kernel: [22278.630532] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:7f:d3:e5:90:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=254 ID=12284 PROTO=UDP SPT=67 DPT=68 LEN=308 Aug 28 20:17:25 localhost kernel: [22278.742721] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:7f:d3:e5:90:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=254 ID=12285 PROTO=UDP SPT=67 DPT=68 LEN=308 Aug 28 20:17:25 localhost kernel: [22279.063699] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:17:fe:83:a6:03:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308 Aug 28 20:17:25 localhost kernel: [22279.181745] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=305 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=285 Aug 28 20:17:25 localhost kernel: [22279.233332] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=314 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=294 Aug 28 20:17:25 localhost kernel: [22279.284316] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=345 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=325 Aug 28 20:17:29 localhost kernel: [22283.273515] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:17:29 localhost kernel: [22283.273882] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 20:17:29 localhost kernel: [22283.273892] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 18:00pm up 3:53, 1 user, load average: 0.27, 0.20, 0.20 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/28/2012 09:30 PM, Bob Williams wrote:
On 28/08/12 20:07, Togan Muftuoglu wrote:
On 08/28/2012 08:40 PM, Bob Williams wrote:
On 28/08/12 17:42, Togan Muftuoglu wrote:
On 08/28/2012 06:06 PM, Bob Williams wrote:
barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
Try again and send the relevant part of the logs
Togan
Now add this and then /sbin/Susefirewall2 start FW_SERVICES_EXT_UDP="1900" Try again and send the relevant part of the logs Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 20:41, Togan Muftuoglu wrote:
On 08/28/2012 09:30 PM, Bob Williams wrote:
On 28/08/12 20:07, Togan Muftuoglu wrote:
On 08/28/2012 08:40 PM, Bob Williams wrote:
On 28/08/12 17:42, Togan Muftuoglu wrote:
On 08/28/2012 06:06 PM, Bob Williams wrote:
> barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
Try again and send the relevant part of the logs
Togan
Now add this and then /sbin/Susefirewall2 start FW_SERVICES_EXT_UDP="1900"
Try again and send the relevant part of the logs
Togan
Aug 28 21:03:04 localhost kernel: [25018.202094] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:04 localhost kernel: [25018.202341] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:04 localhost kernel: [25018.202971] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:08 localhost kernel: [25021.827386] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:08 localhost kernel: [25021.828670] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:08 localhost kernel: [25022.127213] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:22:15:95:6f:43:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36883 DF PROTO=TCP SPT=38759 DPT=8200 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0402080AFFFC7D8900000000020405B401030305) Aug 28 21:03:23 localhost kernel: [25037.123634] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:23 localhost kernel: [25037.124033] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:23 localhost kernel: [25037.124455] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102 Aug 28 21:03:25 localhost kernel: [25039.363262] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=305 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=285 Aug 28 21:03:25 localhost kernel: [25039.414478] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=314 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=294 Aug 28 21:03:25 localhost kernel: [25039.465467] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=345 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=51000 DPT=1900 LEN=325 -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 18:00pm up 3:53, 1 user, load average: 0.27, 0.20, 0.20 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/28/2012 10:09 PM, Bob Williams wrote:
On 28/08/12 20:41, Togan Muftuoglu wrote:
On 08/28/2012 09:30 PM, Bob Williams wrote:
On 28/08/12 20:07, Togan Muftuoglu wrote:
On 08/28/2012 08:40 PM, Bob Williams wrote:
On 28/08/12 17:42, Togan Muftuoglu wrote:
On 08/28/2012 06:06 PM, Bob Williams wrote: >> > barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
Try again and send the relevant part of the logs
Togan
Now add this and then /sbin/Susefirewall2 start FW_SERVICES_EXT_UDP="1900"
Try again and send the relevant part of the logs
Togan
Aug 28 21:03:04 localhost kernel: [25018.202094] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102
So now the packet is accepted and what about the actual problem of not being able to find the server / not being able to watch/listen issue Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 21:21, Togan Muftuoglu wrote:
On 08/28/2012 10:09 PM, Bob Williams wrote:
On 28/08/12 20:41, Togan Muftuoglu wrote:
On 08/28/2012 09:30 PM, Bob Williams wrote:
On 28/08/12 20:07, Togan Muftuoglu wrote:
On 08/28/2012 08:40 PM, Bob Williams wrote:
On 28/08/12 17:42, Togan Muftuoglu wrote: > On 08/28/2012 06:06 PM, Bob Williams wrote: >>> >> barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
Try again and send the relevant part of the logs
Togan
Now add this and then /sbin/Susefirewall2 start FW_SERVICES_EXT_UDP="1900"
Try again and send the relevant part of the logs
Togan
Aug 28 21:03:04 localhost kernel: [25018.202094] SFW2-INext-ACC-UDP IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=59000 DPT=1900 LEN=102
So now the packet is accepted and what about the actual problem of not being able to find the server / not being able to watch/listen issue
Togan
Well, the client is still not seeing the server. Is this line relevant? Aug 28 21:03:08 localhost kernel: [25022.127213] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:22:15:95:6f:43:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36883 DF PROTO=TCP SPT=38759 DPT=8200 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0402080AFFFC7D8900000000020405B401030305) Working from your example above, I added FW_SERVICES_EXT_TCP="8200" followed by /sbin/SuSEfirewall2 start and it worked! I guess I need to undo those logging rules, now. Many thanks for your help. Bob -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 18:00pm up 3:53, 1 user, load average: 0.27, 0.20, 0.20 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/28/2012 10:45 PM, Bob Williams wrote:
On 28/08/12 21:21, Togan Muftuoglu wrote: Well, the client is still not seeing the server.
Is this line relevant?
Aug 28 21:03:08 localhost kernel: [25022.127213] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:22:15:95:6f:43:00:1c:50:49:04:b6:08:00 SRC=192.168.1.16 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36883 DF PROTO=TCP SPT=38759 DPT=8200 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0402080AFFFC7D8900000000020405B401030305)
Yes, sorry I forgot about it
Working from your example above, I added
FW_SERVICES_EXT_TCP="8200" followed by /sbin/SuSEfirewall2 start
and it worked! I guess I need to undo those logging rules, now. Many thanks for your help.
Well done, and yes it would be better with the logging rules back to their default values. Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bob Williams [28.08.2012 16:05]:
On 28/08/12 14:25, Billie Walsh wrote:
On 08/28/2012 06:49 AM, James Knott wrote:
Bob Williams wrote:
Is it safe to rely on the router firewall alone, combined with NAT, always accepting that safety is a relative term?
Well, many commercial boxes run on Linux or BSD.
My firewall/router is openSUSE 11.4 on an old Compaq computer. Of course, security in depth can be more secure than a single layer.
My only thought is, "How bad would someone want to get into your system?"
Here at home we just rely on the routers firewall. We run the cheap Cisco/Linksys routers with the DDWRT software. It's a bit better than the standard Linksys software. We turn off broadcast for wireless. That way the system is not visible to a casual scan. There's nothing here that would warrant someone spending an excessive amount of time hacking into.
Some time ago I looked at /var/log/messages and was amazed to see someone was running a script to try and get through port 22. Of course, sshd rejected every attempt, but it prompted me to move ssh to a different port.
So, there's always someone out there scanning for open ports. Apart from that, I just have the usual amount of personal information on this machine.
I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc.
Don't you have a firewall on the router? Why do you allow access on port 22 from the outside there? Choose a port that is known just by you (for example, 7722) and make the router forwarding this port to your host's port 22. Do not allow direct access, because this will just fill your logs with the login attempts of script kiddies. Second, try something like fail2ban. On our aged NX server (port 22 accessible from outside), we use this as protection, and about 99% of the attacks stop after 5 attempts when the client is disallowed for the first time. HTH Werner -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 15:19, Werner Flamme wrote:
Bob Williams [28.08.2012 16:05]:
On 28/08/12 14:25, Billie Walsh wrote:
On 08/28/2012 06:49 AM, James Knott wrote:
Bob Williams wrote:
Is it safe to rely on the router firewall alone, combined with NAT, always accepting that safety is a relative term?
Well, many commercial boxes run on Linux or BSD.
My firewall/router is openSUSE 11.4 on an old Compaq computer. Of course, security in depth can be more secure than a single layer.
My only thought is, "How bad would someone want to get into your system?"
Here at home we just rely on the routers firewall. We run the cheap Cisco/Linksys routers with the DDWRT software. It's a bit better than the standard Linksys software. We turn off broadcast for wireless. That way the system is not visible to a casual scan. There's nothing here that would warrant someone spending an excessive amount of time hacking into.
Some time ago I looked at /var/log/messages and was amazed to see someone was running a script to try and get through port 22. Of course, sshd rejected every attempt, but it prompted me to move ssh to a different port.
So, there's always someone out there scanning for open ports. Apart from that, I just have the usual amount of personal information on this machine.
I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc.
Don't you have a firewall on the router? Why do you allow access on port 22 from the outside there? Choose a port that is known just by you (for example, 7722) and make the router forwarding this port to your host's port 22. Do not allow direct access, because this will just fill your logs with the login attempts of script kiddies.
Didn't you read what I wrote? and you quoted? It was that episode, when I was younger and less experienced, that prompted me do what you have suggested
Second, try something like fail2ban. On our aged NX server (port 22 accessible from outside), we use this as protection, and about 99% of the attacks stop after 5 attempts when the client is disallowed for the first time.
I'll take a look at fail2ban. Thanks for the suggestion.
HTH Werner
Bob -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 06:00am up 16 days 7:10, 1 user, load average: 0.07, 0.08, 0.12 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bob Williams wrote:
Some time ago I looked at /var/log/messages and was amazed to see someone was running a script to try and get through port 22. Of course, sshd rejected every attempt, but it prompted me to move ssh to a different port.
Changing port numbers doesn't buy you a lot of security. On the other hand, using public/private keys provides much more security than passwords. Access to my network is via ssh or vpn only. so those are the only things I have to allow through my firewall. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/08/12 15:59, James Knott wrote:
Bob Williams wrote:
Some time ago I looked at /var/log/messages and was amazed to see someone was running a script to try and get through port 22. Of course, sshd rejected every attempt, but it prompted me to move ssh to a different port.
Changing port numbers doesn't buy you a lot of security. On the other hand, using public/private keys provides much more security than passwords. Access to my network is via ssh or vpn only. so those are the only things I have to allow through my firewall.
Well, we're drifting off topic here, but yes, my ssh connections are all done with passwordless logins using public/private key pairs. Now, about letting minidlna traffic through my oS firewall... Bob -- Bob Williams System: Linux 3.1.10-1.16-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555" Uptime: 06:00am up 16 days 7:10, 1 user, load average: 0.07, 0.08, 0.12 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Billie Walsh -
Bob Williams -
James Knott -
Togan Muftuoglu -
Werner Flamme