Hi all,
I'm using RH7.1 (kernel 2.4) and have an iptables script running...
Everything works fine, except one thing:
When I'm in a shell (not in X that is), messages like
Jun 12 21:28:31 saintpc kernel: IN=eth1 OUT= MAC=01:00:5e:00:00:01:08:00:3e:10:66:ca:08:00 SRC=10.95.13.146 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=15872 PROTO=2
appear on the screen instead of in /var/log/messages
I'm quite sure this didn't happen before I had iptables running, so it's
got to have something to do with that... this is my iptables script:
#!/bin/sh
# first empty everything (filter and nat tables)
iptables -F
iptables -t nat -F
# default policies: drop incoming and forwarded traffic, allow outgoing
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# this lets all established connections through
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# let some connections to this computer
iptables -A INPUT -m state --state NEW -s 127.0.0.1 -p all -j ACCEPT
iptables -A INPUT -m state --state NEW -s 192.168.0.2 -p tcp -m multiport --dports 111 -j ACCEPT
iptables -A INPUT -m state --state NEW -s 192.168.0.2 -p udp -m multiport --dports 1025,111,2049 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp -m multiport --dports ftp,www,113,6699,7111,6346,6347,22 -j ACCEPT
#iptables -A INPUT -m state --state NEW -p udp -m multiport --dports 22 -j ACCEPT
# DHCP replies from the provider's servers
iptables -A INPUT -m state --state NEW -s 195.130.132.17 -p udp -m multiport --dports 68 -j ACCEPT
iptables -A INPUT -m state --state NEW -s 195.130.132.18 -p udp -m multiport --dports 68 -j ACCEPT
#iptables -A INPUT -m state --state NEW -p tcp --dport 1024:2000 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# log everything not accepted earlier (LOG writes to the kernel log at
# syslog priority "info", i.e. kern.info)
iptables -A INPUT -j LOG --log-level info
# let forwarded connections that are already established through
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# let anything from your internal LAN machines to the net and back
iptables -A FORWARD -m state --state NEW -i eth0 -j ACCEPT
# iptables -A FORWARD -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
# log everything not accepted earlier
iptables -A FORWARD -j LOG --log-level info
# this is the masquerading
# all the masquerading in iptables is done in the NAT table
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
So as you can see, the logging should be at info level... I think I've
got the right settings in my /etc/syslog.conf as well... this is it:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg                                                 *
# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
Does anyone have a clue what could be the cause of my troubles?
Thanks in advance
Cheers
Hans
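The question above turns on how the kernel decides whether a LOG line is echoed to the console in addition to being handed to klogd/syslogd: a printk message reaches the console when its priority number is strictly lower than the console_loglevel, which is the first field of /proc/sys/kernel/printk. The following shell helper is an added example (not part of Hans's post or his script) that applies that rule to an iptables --log-level name and a printk setting; the sample "7 4 1 7" value and the "kern.info" scenario are constructed to mirror the post, and the function names are my own.

```shell
#!/bin/sh
# Added example: check whether an iptables LOG message at a given
# syslog level will be echoed to the console, given the kernel's
# printk settings. Rule: the kernel prints a message to the console
# when (message level) < console_loglevel, and console_loglevel is the
# first field of /proc/sys/kernel/printk (e.g. "7 4 1 7").

# Map an iptables --log-level name (or digit) to its numeric priority.
# Names are the ones iptables accepts: emerg=0 ... debug=7.
loglevel_num() {
    case "$1" in
        emerg|panic)  echo 0 ;;
        alert)        echo 1 ;;
        crit)         echo 2 ;;
        err|error)    echo 3 ;;
        warning|warn) echo 4 ;;
        notice)       echo 5 ;;
        info)         echo 6 ;;
        debug)        echo 7 ;;
        [0-7])        echo "$1" ;;
        *) echo "unknown log level: $1" >&2; return 1 ;;
    esac
}

# Usage: hits_console "<contents of /proc/sys/kernel/printk>" <log-level>
# Prints "console" when the message would be echoed to the console,
# "syslog-only" when only klogd/syslogd will see it.
hits_console() {
    printk_str="$1"
    level=$(loglevel_num "$2") || return 1
    # The /proc file separates its fields with tabs or spaces; the
    # first field is console_loglevel.
    set -- $printk_str
    console_loglevel="$1"
    if [ "$level" -lt "$console_loglevel" ]; then
        echo console
    else
        echo syslog-only
    fi
}

# The console_loglevel at which messages of <log-level> stay off the
# console: it must not be greater than the message's own level.
quiet_console_loglevel() {
    loglevel_num "$1"
}

# Constructed sample: a console_loglevel of 7 with --log-level info (6).
# 6 < 7, so the LOG line is written to the console as well as to syslog.
hits_console "7 4 1 7" info
# With console_loglevel lowered to 6 (e.g. "dmesg -n 6", or writing
# "6 4 1 7" to /proc/sys/kernel/printk) the same message is syslog-only.
hits_console "6 4 1 7" info

# On a live Linux box, also evaluate the real setting (skipped elsewhere).
if [ -r /proc/sys/kernel/printk ]; then
    hits_console "$(cat /proc/sys/kernel/printk)" info
fi
```

Two things worth noting when using this: the syslog.conf rule `*.info` only governs what syslogd writes to /var/log/messages, not what the kernel itself prints to the console, so the two settings are independent; and lowering console_loglevel silences every kern.info message on the console, not just the firewall's, which is the usual trade-off on a machine that is also used at the text console.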
_______________________________________________
Masq maillist - [EMAIL PROTECTED]