RE: eth0 vanishing

scan Tue, 07 Oct 2003 13:34:32 -0700

IPTABLES=/usr/sbin/iptables
INET_IFACE=eth0
ip=xxx.xxx.xxx.xxx


        # if accept - but set limit to avoid flood ping
    # $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \
             # --icmp-type echo-request \
             # -m limit --limit 1/s \
             # -j ACCEPT

        # if drop
    $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \
             --icmp-type echo-request \
             -j DROP

    $IPTABLES -A FORWARD  -i $INET_IFACE -d $ip -p icmp  \
             --icmp-type echo-reply \
             -j ACCEPT

    $IPTABLES -A FORWARD  -i $INET_IFACE -d $ip -p icmp  \
             --icmp-type destination-unreachable \
             -j ACCEPT

    $IPTABLES -A FORWARD  -i $INET_IFACE -d $ip -p icmp  \
             --icmp-type source-quench \
             -j ACCEPT

    $IPTABLES -A FORWARD  -i $INET_IFACE -d $ip -p icmp  \
             --icmp-type time-exceeded \
             -j ACCEPT

    $IPTABLES -A FORWARD  -i $INET_IFACE -d $ip -p icmp  \
             --icmp-type parameter-problem \
             -j ACCEPT

    $IPTABLES -A FORWARD  -i $INET_IFACE -d $ip -p icmp  \
             -j DROP

should help.

regards ~andreas
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of vvor
> Sent: Tuesday, October 07, 2003 9:58 PM
> To: Linux
> Subject: eth0 vanishing
>
>
> as i mentioned, i switched to iptables.
>
> now, every few hours, my roadrunner connection is dropping. this was not
> happening with ipchains! here is the part of my log just before
> it happens. i
> tried ifup, but that doesn't help. it fails to acquire the ip
> address. does
> anyone know what is happening? is my nic dying? is it iptables? i
> wish i had a
> clue. (rat is the name of my serer)
>
> Oct  7 11:12:53 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.93.59.9
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=108 ID=32984 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=13147
> Oct  7 11:13:10 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.92.55.84
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=116 ID=32344 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=63402
> Oct  7 11:13:11 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.91.237.92
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=109 ID=51960 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=10926
> Oct  7 11:13:16 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.87.204.62
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=112 ID=14451 PROTO=ICMP TYPE=8 CODE=0 ID=256
> SEQ=18987
> Oct  7 11:13:32 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.93.98.142
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=112 ID=14425 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=53582
> Oct  7 11:13:57 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.93.95.214
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=111 ID=23468 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=8539
> Oct  7 11:14:02 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.90.217.1
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=122 ID=55258 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=26314
> Oct  7 11:14:37 rat kernel: [ICMP drop] IN=eth0 OUT=
> MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.92.53.195
> DST=24.90.93.125
> LEN=92 TOS=0x00 PREC=0x00 TTL=115 ID=28474 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=484
> Oct  7 11:14:56 rat kernel: [UDP reject] IN= OUT=eth0 SRC=24.90.93.125
> DST=24.29.99.107 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
> PROTO=UDP SPT=68
> DPT=67 LEN=556
> Oct  7 11:14:56 rat kernel: [UDP drop] IN= OUT=eth0 SRC=192.168.0.1
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
> PROTO=UDP SPT=68
> DPT=67 LEN=308
> Oct  7 11:16:01 rat ntpd[1241]: sendto(192.5.41.40): Invalid argument
> Oct  7 11:17:24 rat ntpd[1241]: sendto(129.237.32.1): Invalid argument
> Oct  7 11:19:08 rat ntpd[1241]: sendto(128.206.12.150): Invalid argument
> Oct  7 11:20:04 rat ntpd[1241]: sendto(128.249.2.19): Invalid argument
> Oct  7 11:20:15 rat ntpd[1241]: sendto(192.52.71.4): Invalid argument
> Oct  7 11:26:10 rat ntpd[1241]: sendto(128.252.19.1): Invalid argument
> Oct  7 11:27:34 rat ntpd[1241]: sendto(192.5.41.41): Invalid argument
> Oct  7 11:28:13 rat ntpd[1241]: sendto(192.52.71.21): Invalid argument
> Oct  7 12:03:53 rat named[1319]: no longer listening on 24.90.93.125#53
>
> vora
>
>
>
> _______________________________________________
> Seawolf-list mailing list
> [EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/seawolf-list
>


_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/seawolf-list

RE: eth0 vanishing

Reply via email to