Re: Ipmasq problems

To: debian-firewall@lists.debian.org
Cc: maggi@ien.it
Subject: Re: Ipmasq problems
From: Ron Johnson <ron.l.johnson@cox.net>
Date: Fri, 11 Jan 2002 17:09:40 -0600
Message-id: <[🔎] 20020111230957.CSNZ1278.lakemtao04.mgt.cox.net@there>
In-reply-to: <[🔎] 3C3F5FAC.BE0E6976@ien.it>
References: <[🔎] 3C3F5FAC.BE0E6976@ien.it>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sabino,

I had this *exact* same problem last night.  What I did was remove 
sysklogd and install syslog-ng.  That brought me back to the 
"expected" activity.

Note that anacron, at and something else are dependant on the
kernel logger meta-package.  Quickly reinstalling them posed no
problems.

On Friday 11 January 2002 03:57 pm, Sabino Maggi wrote:
> Hi all!
>
> Since my upgrade from potato to woody, I cannot use ipmasq when working
> on a console because I get dozens of these warnings on the active
> console:
>
> "Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301
> 255.255.255.255:2301 L=40 S=0x00 I=57567 F=0x0000 T=128 (#2)"
>
> plus all the other logs from ipchains.
>
> In potato, all the ipchains logs went only to /var/log/syslog (of
> course, both ipmasq rules and /etc/syslog.conf did not change in the
> upgrade).
>
> At the end, this behaviour makes virtually impossible to use the
> console... :-((
>
> I've solved the problem by adding an ipmasq rule that does not log
> **only** the udp packets coming from the loopback address on port 2301
> (first rule below):
>
> ------------------------------------------------------------------------
> /etc/ipmasq/rules$ cat I15lospoof.rul
>
> # ...
> #: Deny and log all packets trying to come in from a 127.0.0.0/8 address
> #: over a non-'lo' interface
> case $MASQMETHOD in
>     ...
>     ;;
> ipchains)
>     $IPCHAINS -A input -j DENY -i ! lo -p udp -s 127.0.0.1/32 2301
>     $IPCHAINS -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
>     ;;
>     ...
> esac
> ------------------------------------------------------------------------
>
> but this solution seems too "dirt" to me.
>
> What I wonder is:
>
> -- Is what I have done safe or could it be a security hole?
>
> -- Why packets with the loopback address are coming from the eth0
> interface on that port? (if I remember well, 2301 is used by some Compaq
> network management tool)?
>
> -- How can I avoid having the ipchains logs on the active console? I
> would prefer to send them to an unused tty, such as /dev/tty12.
>
> Thanks for any help.
>
> Bye
> Sabino

- -- 
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: ron.l.johnson@cox.net        |
| Jefferson, LA  USA      http://ronandheather.dhs.org       |
|                                                            |
! "Millions of Chinese speak Chinese, and it's not           |
!  hereditary..."                                            |
!    Dr. Dean Adell(sp?)                                     !
+------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8P3C0jTz5dS9Us5wRAvidAJwJTCB8tQF+AskH7wKYQxIF+r+UGgCcDIB9
zXy8W8TwJJeuPDl9p56AaRk=
=huaK
-----END PGP SIGNATURE-----

Reply to:

References:
- Ipmasq problems
  - From: Sabino Maggi <maggi@ien.it>

Prev by Date: Ipmasq problems
Next by Date: Re: Ipmasq problems
Previous by thread: Ipmasq problems
Next by thread: Re: Ipmasq problems
Index(es):
- Date
- Thread