Carroll Grigsby wrote:
Thanks to the good people on this list, I finally made the jump from dial up
to cable last month. At the same time, I set up a small network. So far, we
only do connection sharing. All in all, it has gone quite well. Well,
sorta...
One of the things that I've noticed is that my messages log is getting crammed
with entries from shorewall, growing to 968553 bytes in less than 40 hours of
up time. Here is a brief sample from early yesterday morning:
Jul 3 02:06:46 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC=
SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=13
DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:07:17 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC=
SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=14
DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:07:48 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC=
SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=15
DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:08:19 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC=
SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=16
DF PROTO=UDP SPT=631 DPT=631 LEN=127
(All of the ensuing messages are identical except for the ID.)
I am running Mandriva 10.1. The box is connected to a Linksys WRT54G router
via CAT cable using an on-board NIC at the 192.168.1.100 address. The router
is connected to a cable modem and then out to the world. Since I am not
running any servers here, both shorewall and the Linksys firewall are set up
accordingly. There are two other computers connected to the router -- another
Mandriva 10.1 box w/shorewall on a hard wired connection, and a miniMac on a
wireless connection. The miniMac is restricted to the router's SSID, and the
router will only talk to the miniMac's MAC address.
Questions:
1. Are these messages worrisome? If so, what measures should I take?
2. If these messages are not indicative of a problem, but rather just part of
running an always on connection, can I either dump these messages or have
them written someplace else?
Your advice is solicited.
-- cmg
I am a newbie and I think I partially solved this one (I had the same
issue on two computers). However, I would really love to get comments on
my "solution" from more experienced Linux users, especially if it is
terribly misguided.
These messages come from CUPS ("Common Unix Print System") trying
periodically send some signal to your printer. Shorewall blocks this
signal unless you allow it. In my case not allowing it did not have any
effect on printing. Following line placed in /etc/shorewall/rules
(should not be a security risk, but don't take my word for it) should
take care of the noise in the syslogs:
ACCEPT net:192.168.1.100 all udp 631 -
Saku
____________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
Join the Club : http://www.mandrivaclub.com
____________________________________________________
