Sabino,

I had this *exact* same problem last night. What I did was remove
sysklogd and install syslog-ng. That brought me back to the "expected"
activity. Note that anacron, at and something else are dependent on the
kernel logger meta-package. Quickly reinstalling them posed no problems.

On Friday 11 January 2002 03:57 pm, Sabino Maggi wrote:
> Hi all!
>
> Since my upgrade from potato to woody, I cannot use ipmasq when working
> on a console because I get dozens of these warnings on the active
> console:
>
> "Packet log: input DENY eth0 PROTO=17 127.0.0.1:2301
> 255.255.255.255:2301 L=40 S=0x00 I=57567 F=0x0000 T=128 (#2)"
>
> plus all the other logs from ipchains.
>
> In potato, all the ipchains logs went only to /var/log/syslog (of
> course, both ipmasq rules and /etc/syslog.conf did not change in the
> upgrade).
>
> In the end, this behaviour makes it virtually impossible to use the
> console... :-((
>
> I've solved the problem by adding an ipmasq rule that does not log
> **only** the udp packets coming from the loopback address on port 2301
> (first rule below):
>
> ------------------------------------------------------------------------
> /etc/ipmasq/rules$ cat I15lospoof.rul
>
> # ...
> #: Deny and log all packets trying to come in from a 127.0.0.0/8 address
> #: over a non-'lo' interface
> case $MASQMETHOD in
>    ...
>    ;;
>    ipchains)
>       $IPCHAINS -A input -j DENY -i ! lo -p udp -s 127.0.0.1/32 2301
>       $IPCHAINS -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
>    ;;
>    ...
> esac
> ------------------------------------------------------------------------
>
> but this solution seems too "dirty" to me.
>
> What I wonder is:
>
> -- Is what I have done safe or could it be a security hole?
>
> -- Why are packets with the loopback address coming from the eth0
> interface on that port? (if I remember well, 2301 is used by some Compaq
> network management tool)?
>
> -- How can I avoid having the ipchains logs on the active console? I
> would prefer to send them to an unused tty, such as /dev/tty12.
>
> Thanks for any help.
>
> Bye
> Sabino

-- 
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: [EMAIL PROTECTED]            |
| Jefferson, LA  USA      http://ronandheather.dhs.org       |
|                                                            |
! "Millions of Chinese speak Chinese, and it's not           |
!  hereditary..."                                            |
!  Dr. Dean Adell(sp?)                                       !
+------------------------------------------------------------+
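
Added example, not part of the original message: a small Python parser for the ipchains `Packet log:` lines quoted above that counts packets claiming a 127.0.0.0/8 source on a non-`lo` interface, so they can be reviewed from /var/log/syslog instead of the console. The syslog prefix, the host name `gw` and every sample line except the first are constructed.

```python
import ipaddress
import re
from collections import Counter

# Field layout follows the log line quoted in the message.
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ident>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?: \(#(?P<rule>\d+)\))?"
)
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_line(line):
    """Return the packet fields as a dict, or None for non-ipchains lines."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ident", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    return rec

def is_spoofed_loopback(rec):
    """True when a loopback source address arrives on a non-lo interface."""
    return rec["iface"] != "lo" and ipaddress.ip_address(rec["src"]) in LOOPBACK

def summarize(lines):
    """Count spoofed-loopback packets per (iface, proto, sport, dport)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and is_spoofed_loopback(rec):
            counts[(rec["iface"], rec["proto"], rec["sport"], rec["dport"])] += 1
    return counts

# Constructed sample input; only the first packet is the one from the message.
P = "Jan 11 15:40:0%d gw kernel: Packet log: "
SAMPLE = [
    P % 1 + "input DENY eth0 PROTO=17 127.0.0.1:2301 255.255.255.255:2301 L=40 S=0x00 I=57567 F=0x0000 T=128 (#2)",
    P % 2 + "input DENY eth0 PROTO=6 192.0.2.10:4242 198.51.100.1:23 L=60 S=0x00 I=1201 F=0x4000 T=52 (#9)",
    P % 3 + "input DENY eth0 PROTO=17 127.0.0.1:2301 255.255.255.255:2301 L=40 S=0x00 I=57568 F=0x0000 T=128 (#2)",
    "Jan 11 15:40:04 gw anacron[311]: Normal exit (0 jobs run)",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```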

