Re: Ipmasq problems
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sabino,
I had this *exact* same problem last night. What I did was remove
sysklogd and install syslog-ng. That brought me back to the
"expected" activity.
Note that anacron, at and something else are dependent on the
kernel logger meta-package. Quickly reinstalling them posed no
problems.
On Friday 11 January 2002 03:57 pm, Sabino Maggi wrote:
> Hi all!
>
> Since my upgrade from potato to woody, I cannot use ipmasq when working
> on a console because I get dozens of these warnings on the active
> console:
>
> "Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301
> 255.255.255.255:2301 L=40 S=0x00 I=57567 F=0x0000 T=128 (#2)"
>
> plus all the other logs from ipchains.
>
> In potato, all the ipchains logs went only to /var/log/syslog (of
> course, both ipmasq rules and /etc/syslog.conf did not change in the
> upgrade).
>
> In the end, this behaviour makes it virtually impossible to use the
> console... :-((
>
> I've solved the problem by adding an ipmasq rule that does not log
> **only** the udp packets coming from the loopback address on port 2301
> (first rule below):
>
> ------------------------------------------------------------------------
> /etc/ipmasq/rules$ cat I15lospoof.rul
>
> # ...
> #: Deny and log all packets trying to come in from a 127.0.0.0/8 address
> #: over a non-'lo' interface
> case $MASQMETHOD in
> ...
> ;;
> ipchains)
> #: added rule: silently deny UDP from 127.0.0.1 port 2301 (no -l, so no log)
> $IPCHAINS -A input -j DENY -i ! lo -p udp -s 127.0.0.1/32 2301
> #: original rule: deny and log (-l) anything else from 127.0.0.0/8
> $IPCHAINS -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
> ;;
> ...
> esac
> ------------------------------------------------------------------------
>
> but this solution seems too "dirty" to me.
>
> What I wonder is:
>
> -- Is what I have done safe or could it be a security hole?
>
> -- Why are packets with the loopback address coming from the eth0
> interface on that port? (if I remember correctly, 2301 is used by some Compaq
> network management tool)
>
> -- How can I avoid having the ipchains logs on the active console? I
> would prefer to send them to an unused tty, such as /dev/tty12.
>
> Thanks for any help.
>
> Bye
> Sabino
- --
+------------------------------------------------------------+
| Ron Johnson, Jr. Home: ron.l.johnson@cox.net |
| Jefferson, LA USA http://ronandheather.dhs.org |
| |
! "Millions of Chinese speak Chinese, and it's not |
! hereditary..." |
! Dr. Dean Adell(sp?) !
+------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8P3C0jTz5dS9Us5wRAvidAJwJTCB8tQF+AskH7wKYQxIF+r+UGgCcDIB9
zXy8W8TwJJeuPDl9p56AaRk=
=huaK
-----END PGP SIGNATURE-----
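The following is an added example, not part of either message above and not
code from the ipmasq package. It parses the "Packet log:" line format quoted
in Sabino's message and applies his two I15lospoof.rul rules in ipchains
order (first match wins) to show what each one does to a packet: both rules
DENY, and the only difference the added rule makes is that the matching
UDP/2301 packets are dropped without being logged. The second sample line
and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: simulate the two ipchains rules from the quoted
# I15lospoof.rul against fields parsed from an ipchains "Packet log:" line.
# Not from the original thread or the ipmasq package.

# Parse an ipchains log line into "iface proto src sport dst dport".
# Expected shape (as quoted in the thread):
#   Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301 255.255.255.255:2301 L=40 ...
# Prints nothing if the line does not have that shape.
parse_packet_log() {
    echo "$1" | sed -n \
      's/^.*Packet log: \([a-z]*\) \([A-Z]*\) \([a-z0-9]*\) PROTO=\([0-9]*\) \([0-9.]*\):\([0-9]*\) \([0-9.]*\):\([0-9]*\).*$/\3 \4 \5 \6 \7 \8/p'
}

# True when an address falls inside 127.0.0.0/8 (the 127.0.0.1/255.0.0.0
# match of the second rule): the first dotted octet is 127.
in_loopback_net() {
    case "$1" in
        127.*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Apply the two rules in order to one packet (iface proto src sport).
# Prints "DENY nolog", "DENY log", or "PASS" (no rule here matched, so the
# packet would continue to later rules in the input chain).
lospoof_verdict() {
    iface=$1; proto=$2; src=$3; sport=$4
    # Both rules carry "-i ! lo": packets on lo are not their concern.
    if [ "$iface" = lo ]; then echo "PASS"; return; fi
    # Rule 1: -i ! lo -p udp -s 127.0.0.1/32 2301 -> DENY, no -l flag.
    if [ "$proto" = 17 ] && [ "$src" = 127.0.0.1 ] && [ "$sport" = 2301 ]; then
        echo "DENY nolog"; return
    fi
    # Rule 2: -i ! lo -s 127.0.0.1/255.0.0.0 -l -> DENY and log.
    if in_loopback_net "$src"; then
        echo "DENY log"; return
    fi
    echo "PASS"
}

# Convenience wrapper: verdict for a raw log line, "UNPARSED" if unreadable.
verdict_for_line() {
    set -- $(parse_packet_log "$1")
    if [ $# -ne 6 ]; then echo "UNPARSED"; return; fi
    lospoof_verdict "$1" "$2" "$3" "$4"
}

# Constructed sample input: the first line is the one quoted in the thread,
# the second is an invented TCP packet from another 127/8 address.
for line in \
  'Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301 255.255.255.255:2301 L=40 S=0x00 I=57567 F=0x0000 T=128 (#2)' \
  'Packet log: input DENY eth0 PROTO=6 127.0.0.5:4444 10.0.0.1:22 L=60 S=0x00 I=1 F=0x4000 T=64 (#3)'
do
    echo "$(verdict_for_line "$line")  <- $line"
done
```

Run it with any POSIX sh. The point of the simulation is Sabino's first
question: the added rule changes nothing about what is accepted, only about
what is logged, because a packet that matches it would otherwise have hit the
next rule and been denied (and logged) anyway.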