Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] SuSE-FW-DROP-ANTI-SPOOFING IN
  • From: "Dr. Peter Bast" <pb@xxxxxxxx>
  • Date: Wed, 05 Jun 2002 13:15:59 +0200
  • Message-id: <3CFDF2EF.31ED13B9@xxxxxxxx>


Peer Stefan wrote:

> hello,
>
> > From: Dr. Peter Bast [mailto:pb@xxxxxxxx]
> > Hello,
> >
> > I permanently get the following messages in my /var/log/messages:
> >
> > Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT=
> > MAC= SRC=192.168.201.55 DST=192.168.201.255 LEN=32 TOS=0x00 PREC=0x00
> > TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
> > Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT=
> > MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=32 TOS=0x00
> > PREC=0x00 TTL=64
> > ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
>
> according to /etc/services udp-port 520 serves a routing protocol.
>
> >
> > I use a Server with SuSE Linux 8.0 connected to a LAN via eth0
> > (192.168.201.55) and to an external ADSL-Router via eth1
> > (192.168.0.2).
> > The LAN-IP of the Hardware-Router is 192.168.0.1. All Netmasks are set
> > to 255.255.255.0. The connections between the internal Netdevice (eth0)
> > and the external Netdevice (eth1) are very slow. On the Server running
> > BIND9, Squid Samba and Sendmail.
> did you enable routing in the kernel (i guess so) and do you need it?
> do you use a hub where eth0 is connected to the adsl-router?
>
> if you just want to get rid of the entries you have to configure
> /etc/rc.config.d/firewall2-custom.rc.config and add something like
> fw_custom_before_antispoofing() {
> iptables -A INPUT -j [DROP|ACCEPT] -p udp --dport 520
> true
> }
> hope that helps you a bit.
>
> regards,
> stefan

The adsl-router is connected directly to the external device (eth1) of the
server. The internal device (eth0) is connected to a switch.
The same configuration was running on another server with SuSE Linux 7.0
(Kernel 2.2) and SuSEfirewall1.

regards,
Peter
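
A triage sketch for the log entries quoted in this thread, added here as an example and not part of either poster's message: it parses the SuSE-FW-DROP-ANTI-SPOOFING lines, groups the drops, and flags those whose SRC equals the address of the interface they arrived on. The function names are hypothetical, and the interface-to-address map is taken from the addresses given in the message.

```python
import re
from collections import Counter

# The two log entries from the message above, re-joined onto one line each.
SAMPLE_LOG = """\
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=192.168.201.55 DST=192.168.201.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
"""

# Assumption of this example: interface addresses as stated in the message.
LOCAL_ADDRS = {"eth0": "192.168.201.55", "eth1": "192.168.0.2"}

PREFIX = "SuSE-FW-DROP-ANTI-SPOOFING"
KV = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of one anti-spoofing log line, or None."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = {}
    for key, value in KV.findall(rest):
        fields.setdefault(key, value)  # LEN occurs twice: keep the first (IP length)
    return fields


def summarize(log_text, local_addrs):
    """Count drops per flow and flag those sourced from the host's own address."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        # True when the packet's source is the address of the receiving interface.
        own = "SRC" in f and local_addrs.get(f.get("IN")) == f["SRC"]
        key = (f.get("IN"), f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("DPT"), own)
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (iface, src, dst, proto, dpt, own), n in summarize(SAMPLE_LOG, LOCAL_ADDRS).items():
        note = "source is this host's own address" if own else "foreign source"
        print(f"{n:4d}  {iface} {src} -> {dst} {proto}/{dpt}  ({note})")
```

On the two quoted entries, both drops are flagged as carrying the server's own interface address as SRC, with UDP port 520 as the destination port.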