On Tuesday 05 July 2005 01:53, Carroll Grigsby wrote:
> Thanks to the good people on this list, I finally made the jump from dial
> up to cable last month. At the same time, I set up a small network. So far,
> we only do connection sharing. All in all, it has gone quite well. Well,
> sorta...
>
> One of the things that I've noticed is that my messages log is getting
> crammed with entries from shorewall, growing to 968553 bytes in less than
> 40 hours of up time. Here is a brief sample from early yesterday morning:
>
> Jul 3 02:06:46 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64
> ID=13 DF PROTO=UDP SPT=631 DPT=631 LEN=127
>
> Jul 3 02:07:17 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64
> ID=14 DF PROTO=UDP SPT=631 DPT=631 LEN=127
>
> Jul 3 02:07:48 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64
> ID=15 DF PROTO=UDP SPT=631 DPT=631 LEN=127
>
> Jul 3 02:08:19 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64
> ID=16 DF PROTO=UDP SPT=631 DPT=631 LEN=127
>
> (All of the ensuing messages are identical except for the ID.)
>
> I am running Mandriva 10.1. The box is connected to a Linksys WRT54G router
> via CAT cable using an on-board NIC at the 192.168.1.100 address. The
> router is connected to a cable modem and then out to the world. Since I am
> not running any servers here, both shorewall and the Linksys firewall are
> set up accordingly. There are two other computers connected to the router
> -- another Mandriva 10.1 box w/shorewall on a hard wired connection, and a
> miniMac on a wireless connection. The miniMac is restricted to the router's
> SSID, and the router will only talk to the miniMac's MAC address.
>
> Questions:
> 1. Are these messages worrisome? If so, what measures should I take?
>
> 2. If these messages are not indicative of a problem, but rather just part
> of running an always on connection, can I either dump these messages or
> have them written someplace else?
>
> Your advice is solicited.
>
> -- cmg

1/ No, they are not worrisome. Port 631 is CUPS. Your CUPS server is looking
for other CUPS servers on your local network but your firewall is blocking
the polls. However, because you are blocking CUPS, printing is not going to
work between your computers. Open port 631 and the messages will stop and
printing will work. The Firewall GUI in MCC will be able to open the port
for you. You should however block port 631 in your router to prevent CUPS
traffic getting out on the Internet.

2/ Yes, you can suppress the messages in shorewall. Edit /etc/policy and in
the line all2all remove the INFO at the end. That will suppress log messages
for that rule.

If you want to get funky with shorewall log messages you can log them to an
SQL database and view stats with a browser. Google for the application
'webfwlog', but be warned there are quite a lot of steps to get it working.

derek

--
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
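
Added example (not part of the original messages, and not Shorewall's own tooling): a small Python summarizer for log lines like the ones quoted above, grouping entries by chain, disposition, source, destination, protocol and destination port so it is clear which flow is filling the log before any logging is turned off. The function names, the 192.168.1.0/24 LAN default and the one non-firewall sample line are assumptions of this example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Prefix as it appears in the quoted log: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # netfilter KEY=value pairs

# Four entries from the post (wrapping undone) plus one constructed non-firewall line.
SAMPLE = """\
Jul 3 02:06:46 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=13 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:07:17 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=14 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:07:48 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=15 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:08:19 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=16 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:08:20 localhost crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
"""

def parse_line(line):
    """Return chain, disposition and netfilter fields for one line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None  # not a Shorewall log entry
    rec = dict(FIELD.findall(line[m.end():]))
    rec["chain"], rec["disp"] = m.group("chain"), m.group("disp")
    return rec

def is_lan_broadcast(rec, lan):
    """True when SRC is on the LAN and DST is the LAN's broadcast address."""
    net = ip_network(lan)
    try:
        return ip_address(rec["SRC"]) in net and ip_address(rec["DST"]) == net.broadcast_address
    except (KeyError, ValueError):
        return False

def summarize(lines, lan="192.168.1.0/24"):
    """Count entries per flow, most frequent first; lan is an assumed /24."""
    flows = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["chain"], rec["disp"], rec.get("SRC"), rec.get("DST"),
               rec.get("PROTO"), rec.get("DPT"), is_lan_broadcast(rec, lan))
        flows[key] += 1
    return flows.most_common()

if __name__ == "__main__":
    for key, count in summarize(SAMPLE.splitlines()):
        print(count, *key)
```

On the sample, every firewall entry collapses into one flow: a LAN host sending UDP to the LAN broadcast address on port 631, which is the CUPS polling described in the reply.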
