Ipmasq problems
Hi all!
Since my upgrade from potato to woody, I cannot use ipmasq when working
on a console because I get dozens of these warnings on the active
console:
"Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301
255.255.255.255:2301 L=40 S=0x00 I=57567 F=0x0000 T=128 (#2)"
plus all the other logs from ipchains.
In potato, all the ipchains logs went only to /var/log/syslog (of
course, both ipmasq rules and /etc/syslog.conf did not change in the
upgrade).
In the end, this behaviour makes it virtually impossible to use the
console... :-((
I've solved the problem by adding an ipmasq rule that does not log
**only** the udp packets coming from the loopback address on port 2301
(first rule below):
------------------------------------------------------------------------
/etc/ipmasq/rules$ cat I15lospoof.rul
# ...
#: Deny and log all packets trying to come in from a 127.0.0.0/8 address
#: over a non-'lo' interface
case $MASQMETHOD in
...
;;
ipchains)
# Drop (without -l, so no log entry) UDP from 127.0.0.1 port 2301 arriving on a non-'lo' interface
$IPCHAINS -A input -j DENY -i ! lo -p udp -s 127.0.0.1/32 2301
# Drop and log (-l) everything else from 127.0.0.0/8 arriving on a non-'lo' interface
$IPCHAINS -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
;;
...
esac
------------------------------------------------------------------------
but this solution seems too "dirty" to me.
What I wonder is:
-- Is what I have done safe or could it be a security hole?
-- Why are packets with the loopback address coming from the eth0
interface on that port? (If I remember correctly, 2301 is used by some Compaq
network management tool.)
-- How can I avoid having the ipchains logs on the active console? I
would prefer to send them to an unused tty, such as /dev/tty12.
Thanks for any help.
Bye
Sabino
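Before silencing a rule it helps to see exactly which chain, interface, protocol and address pair is producing the noise. The following shell snippet is an added example, not part of the original mail or of the ipmasq package: it parses "Packet log:" lines of the format quoted above into a per-source/destination count, and classifies whether a given (interface, source) pair is a loopback address arriving on a non-'lo' interface, which is the condition the rule file above is written against. The log lines are constructed for the example; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original mail): summarize ipchains "Packet log:"
# lines so the noisy rule can be identified before deciding what to drop
# silently. Sample log lines are constructed for this example; the first two
# mirror the message quoted in the mail, the third is an unrelated TCP hit.
SAMPLE_LOG='Mar  3 10:00:01 host kernel: Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301 255.255.255.255:2301 L=40 S=0x00 I=57567 F=0x0000 T=128 (#2)
Mar  3 10:00:02 host kernel: Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301 255.255.255.255:2301 L=40 S=0x00 I=57568 F=0x0000 T=128 (#2)
Mar  3 10:00:05 host kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4321 198.51.100.5:23 L=60 S=0x00 I=1 F=0x4000 T=64 (#7)'

# summarize_packet_log: read syslog lines on stdin and print one line per
# distinct "chain target iface proto src dst" tuple, prefixed by its count,
# most frequent first. The field positions follow the "Packet log:" format:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src:port> <dst:port> ...
summarize_packet_log() {
    awk '
        /Packet log:/ {
            for (i = 1; i <= NF; i++) if ($i == "log:") break
            chain = $(i+1); target = $(i+2); iface = $(i+3)
            proto = $(i+4); sub(/^PROTO=/, "", proto)
            src = $(i+5); dst = $(i+6)
            key = chain " " target " " iface " " proto " " src " " dst
            count[key]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# is_loopback_spoof IFACE SRC: succeeds (exit 0) when SRC is in 127.0.0.0/8
# but arrived on an interface other than lo, i.e. the case the I15lospoof
# rules deny. The port is ignored; only the address/interface pair matters.
is_loopback_spoof() {
    iface=$1
    src=${2%%:*}          # strip the ":port" suffix if present
    case $src in
        127.*) [ "$iface" != "lo" ] && return 0 ;;
    esac
    return 1
}

# Stand-alone usage: summarize the constructed sample and flag the top entry.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | summarize_packet_log
    if is_loopback_spoof eth0 127.0.0.1:2301; then
        echo "top entry: loopback source on non-lo interface (matches I15lospoof)"
    fi
fi
```

Run as `sh script.sh --demo`, or feed it a real file with `summarize_packet_log < /var/log/syslog`. The summary shows at a glance that the two 127.0.0.1:2301 hits are one tuple, which is the evidence behind narrowing the silent rule to that single protocol/port rather than to all of 127.0.0.0/8; the second rule in the file keeps logging anything else from that range, so the spoofing check is not weakened.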