This is a weird problem. I get the daily logwatch emails from our various servers and one of the things that I eyeball on a regular basis is the "Users logging in through sshd". I like to make sure that I don't see any logins from IP addresses that I don't recognize (as well as failed login attempts.)

We changed our firewall about a week and a half ago, over to Untangle. This has had no negative effect on any of the usual behavior except for one of our servers, a database server running RHEL 5.X (64-bit, fully up to date.) On this one system, I'm now seeing the following line in its daily Logwatch email:

    192.168.1.254 (firewall.watkins.edu): 2 times

That IP address is the firewall itself. The firewall is NOT actually logging into this server. My Linux box at home is logging in via SSH, every day, to run backups. In the past, and with every other server that I remotely back up via SSH, every day, the Logwatch email reflects the IP address of my cable modem at home. In this one case, this server shows 192.168.1.254 (the firewall) as the source IP address instead of the "real" source IP address.

Port forwarding to this server is set up exactly the same way as all the other servers. The backup program I'm running at home (dirvish) connects to this server, just like the other servers. The only variable that has changed is the firewall and possibly some recently-run yum updates.

The only unique thing about this server is that it is our only RHEL 5 server. We also have a RHEL 6 server and several CentOS 5/6 servers.

Any ideas?

Chris
