On Tuesday 05 July 2005 01:20 am, Derek Jennings wrote:
> On Tuesday 05 July 2005 01:53, Carroll Grigsby wrote:
> > Thanks to the good people on this list, I finally made the jump from dial
> > up to cable last month. At the same time, I set up a small network. So
> > far, we only do connection sharing. All in all, it has gone quite well.
> > Well, sorta...
> >
> > One of the things that I've noticed is that my messages log is getting
> > crammed with entries from shorewall, growing to 968553 bytes in less than
> > 40 hours of up time. Here is a brief sample from early yesterday morning:
> >
> > Jul 3 02:06:46 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> > MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00
> > TTL=64 ID=13 DF PROTO=UDP SPT=631 DPT=631 LEN=127
> >
> > Jul 3 02:07:17 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> > MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00
> > TTL=64 ID=14 DF PROTO=UDP SPT=631 DPT=631 LEN=127
> >
> > Jul 3 02:07:48 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> > MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00
> > TTL=64 ID=15 DF PROTO=UDP SPT=631 DPT=631 LEN=127
> >
> > Jul 3 02:08:19 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> > MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00
> > TTL=64 ID=16 DF PROTO=UDP SPT=631 DPT=631 LEN=127
> >
> > (All of the ensuing messages are identical except for the ID.)
> >
> > I am running Mandriva 10.1. The box is connected to a Linksys WRT54G
> > router via CAT cable using an on-board NIC at the 192.168.1.100 address.
> > The router is connected to a cable modem and then out to the world. Since
> > I am not running any servers here, both shorewall and the Linksys
> > firewall are set up accordingly. There are two other computers connected
> > to the router -- another Mandriva 10.1 box w/shorewall on a hard wired
> > connection, and a miniMac on a wireless connection. The miniMac is
> > restricted to the router's SSID, and the router will only talk to the
> > miniMac's MAC address.
> >
> > Questions:
> > 1. Are these messages worrisome? If so, what measures should I take?
> >
> > 2. If these messages are not indicative of a problem, but rather just
> > part of running an always on connection, can I either dump these messages
> > or have them written someplace else?
> >
> > Your advice is solicited.
> >
> > -- cmg
>
> 1/ No, they are not worrisome. Port 631 is CUPS. Your CUPS server is looking
> for other CUPS servers on your local network but your firewall is blocking
> the polls. However, because you are blocking CUPS, printing is not going
> to work between your computers. Open port 631 and the messages will stop
> and printing will work. The Firewall GUI in MCC will be able to open the
> port for you. You should however block port 631 in your router to prevent
> CUPS traffic getting out on the Internet.
>
> 2/ Yes, you can suppress the messages in shorewall. Edit /etc/policy and in
> the line all2all remove the INFO at the end. That will suppress log
> messages for that rule.
>
> If you want to get funky with shorewall log messages you can log them to an
> SQL database and view stats with a browser. Google for the application
> 'webfwlog', but be warned there are quite a lot of steps to get it working.
>
> derek

Derek and Saku:

Thanks for your help. I'll give it a go. Well, all except the part about setting up an SQL database. I have to confess that I never made the connection between CUPS and DPT/SPT -- they sound more like switch designations to me.

-- cmg
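
Added example, not part of the original thread: a short Python triage script that parses Shorewall kernel log entries like the ones quoted above and collapses them into one row per (chain, action, source, destination, protocol, destination port), so repeated noise shows up as a single counted line before anyone decides to open a port or drop logging. The function names, the `KNOWN_PORTS` table and the sample text (the four quoted entries rejoined onto one line each) are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the four entries quoted in the thread, each rejoined onto one line.
SAMPLE_LOG = """\
Jul 3 02:06:46 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=13 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:07:17 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=14 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:07:48 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=15 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 3 02:08:19 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=192.168.1.100 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=16 DF PROTO=UDP SPT=631 DPT=631 LEN=127
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")
# Label table for this example only; 631 is the port identified as CUPS in the thread.
KNOWN_PORTS = {631: "CUPS/IPP"}

def parse_line(line):
    """Return the KEY=VALUE fields of one Shorewall entry, or None for other log lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD.findall(m.group("rest")):
        fields.setdefault(key, value)  # keep the first LEN= (IP length), not the UDP one
    fields["chain"], fields["action"] = m.group("chain"), m.group("action")
    return fields

def summarize(text):
    """Count entries per (chain, action, src, dst, proto, dpt), busiest first."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        dpt = int(f["DPT"]) if f.get("DPT", "").isdigit() else None  # ICMP has no port
        counts[(f["chain"], f["action"], f.get("SRC"), f.get("DST"), f.get("PROTO"), dpt)] += 1
    rows = []
    for (chain, action, src, dst, proto, dpt), n in counts.most_common():
        rows.append({"count": n, "chain": chain, "action": action, "src": src,
                     "dst": dst, "proto": proto, "dpt": dpt,
                     "service": KNOWN_PORTS.get(dpt, "unknown"),
                     # True when the sender is on a private (LAN) range, not the Internet
                     "src_is_private": bool(src) and ipaddress.ip_address(src).is_private})
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

On the sample, the four entries collapse into a single row: a private source address sending UDP to port 631 on the subnet broadcast address, rejected by the all2all policy.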
