Problems with 2.2.14

From: Damian Gerow (damian@itactics.com)
Date: Wed Apr 05 2000 - 14:58:48 EST


[ Please note that I am not subscribed to the mailing list - if you can,
please CC a response to: damian@itactics.com ]

I am having a minor problem with kernel 2.2.14.

We have a forwarding firewall set up with an external IP address of
207.139.193.46, and an internal IP of 207.176.252.1 on a class C
network. Firewall rules are somewhat strict, but not obsessively so.

The problem lies within logging. I tend to log everything that is
denied or rejected, which has resulted in absurdly large log files in
the past few weeks because of a network mapping package (IP
207.139.193.66) set up by our ISP. It sends out SNMP requests to each
IP on all networks it is connected to, and if these requests fail, it
relies on ICMP. I have allowed all ICMP from this computer in without a
problem, but am having problems with SNMP. For some reason, all SNMP
packets that are sent to 207.176.252.1 are DENYed, and subsequently
logged. Here are all applicable firewalling rules:

ipchains -F input
ipchains -F forward
ipchains -P forward DENY

ipchains -A input -p udp -s 207.139.193.66 -d 207.139.193.46 161 -j ACCEPT
ipchains -A input -p udp -s 207.139.193.66 -d 207.176.252.0/24 161 -j ACCEPT
ipchains -A input -p udp -s 207.139.193.66 -d 207.176.252.1 161 -j ACCEPT

Here is a section of the packets logged:

Apr 5 15:56:08 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46670 207.176.252.1:161 L=77:57 S=0x00 I=15014 T=62
Apr 5 15:56:19 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46714 207.176.252.1:161 L=77:57 S=0x00 I=15018 T=62
Apr 5 15:56:30 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP 207.139.193.66:46766 207.176.252.1:161 L=77:57 S=0x00 I=28079 T=62

[ Taking out the last rule gives no different result ]

The firewall is running on 2.2.14, with the OpenWall v1 patch and a
Linux TCP/IP stack patch (http://www.innu.org/~sean) applied*, as a
SCSI-only system. Modules inserted are: ide-disk, ide-mod, acm, and
3c59x. The two network cards are both 3Com 3C905C cards.

If anyone can help me with this, I would greatly appreciate it. If more
information is needed, I will gladly supply it.

* - He has received a copy of this as well.
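An added example, not part of the original post: a small checker that parses ipchains "Packet log:" lines like the ones above and reports, for each logged packet, which chain issued the verdict and which of the three posted input rules would be the first to cover it. It assumes the 2.2.x ipchains logger writes the chain label, verdict and interface right after "Packet log:", as the sample lines show.

```python
import ipaddress
import re

# Line format of the 2.2.x ipchains packet logger: the chain label, the verdict, the interface,
# then the packet summary. Only the fields needed for the rule comparison are captured.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def rule(proto, src, dst, dport, target):
    """One ipchains rule as (proto, src net, dst net, dst port, target); a bare host becomes a /32."""
    return (proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport, target)

# The three input-chain rules from the post, in the order they were appended.
INPUT_RULES = [
    rule("UDP", "207.139.193.66", "207.139.193.46", 161, "ACCEPT"),
    rule("UDP", "207.139.193.66", "207.176.252.0/24", 161, "ACCEPT"),
    rule("UDP", "207.139.193.66", "207.176.252.1", 161, "ACCEPT"),
]

def parse_log(line):
    """Fields of one 'Packet log:' line as a dict, or None if the line is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt

def first_match(pkt, rules):
    """Index of the first rule matching proto, source, destination and port; ipchains stops at the first hit."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for i, (proto, snet, dnet, dport, _target) in enumerate(rules):
        if proto == pkt["proto"] and src in snet and dst in dnet and dport == pkt["dport"]:
            return i
    return None

def check(line, rules=INPUT_RULES):
    """(chain that logged the verdict, the verdict, index of the first listed rule covering the packet)."""
    pkt = parse_log(line)
    return None if pkt is None else (pkt["chain"], pkt["target"], first_match(pkt, rules))

# First logged packet from the post, copied verbatim.
SAMPLE = ("Apr 5 15:56:08 pwfw kernel: Packet log: unserved DENY eth0 PROTO=UDP "
          "207.139.193.66:46670 207.176.252.1:161 L=77:57 S=0x00 I=15014 T=62")

if __name__ == "__main__":
    # ('unserved', 'DENY', 1): the verdict was logged from chain 'unserved', while rule 2 (the /24) covers the packet
    print(check(SAMPLE))
```

Because the chain label in the log is not "input", the output shows that the posted input rules were not the ones that produced the DENY, which narrows where to look next.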
