Hello,
I saw that when activating bandwidth monitoring in Webmin...
You can safely remove these lines and restart Shorewall.
But the better way would be to clean up Webmin.
Best regards,
Jerome Blion.
Dennis Wicks wrote:
Greetings;
My syslog is getting 100s of thousands of messages like
the following (these are just a sample); (BTW I am
running Debian/lenny)
May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0
May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37902 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0
May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37903 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0
May 11 12:41:31 gatekeeper kernel: BANDWIDTH_OUT:IN=eth0 OUT=eth1 SRC=204.2.145.29 DST=192.168.31.1 LEN=1500 TOS=0x00 PREC=0x00 TTL=118 ID=2300 DF PROTO=TCP SPT=80 DPT=4697 WINDOW=32552 RES=0x00 ACK URGP=0
I think I have traced the "cause" of them to the file
/etc/shorewall/start which contains the following four
records;
run_iptables -I INPUT -i eth1 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
run_iptables -I FORWARD -i eth1 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
run_iptables -I FORWARD -o eth1 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
run_iptables -I OUTPUT -o eth1 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
But, I am not sure these are what is causing the
records to be logged, and I can't figure out how to
change them to stop the logging but keep the firewall
operational.
Can anybody give me an assist?
Thanks,
Dennis
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
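
An added example, not part of the original thread: a shell helper that finds the four BANDWIDTH_IN:/BANDWIDTH_OUT: LOG rules quoted above in a Shorewall start script and comments them out, leaving every other line alone. The function names and the "#disabled: " marker are assumptions, and it expects each rule on a single line.

```shell
#!/bin/sh
# Added example (not from the thread): disable the BANDWIDTH_* LOG rules in a
# Shorewall start script. Function names are hypothetical; assumes each rule
# sits on a single line, as it would in the file itself.

# Only run_iptables lines that jump to LOG with a BANDWIDTH_IN:/BANDWIDTH_OUT:
# prefix match, so any other commands in the file are left alone.
BW_RULE_RE='^[[:space:]]*run_iptables[[:space:]].*-j[[:space:]]+LOG[[:space:]].*--log-prefix[[:space:]]+"?BANDWIDTH_(IN|OUT):'

# list_bandwidth_log_rules FILE: print active matching rules with line numbers.
list_bandwidth_log_rules() {
    grep -nE "$BW_RULE_RE" "$1" || true
}

# disable_bandwidth_log_rules FILE: save FILE.bak, comment out each matching
# rule, and print how many rules were disabled (0 leaves FILE untouched).
disable_bandwidth_log_rules() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
    count=$(grep -cE "$BW_RULE_RE" "$file" || true)
    if [ "$count" -gt 0 ]; then
        cp -p "$file" "$file.bak" || return 1
        sed -E "/$BW_RULE_RE/ s/^/#disabled: /" "$file.bak" > "$file" || return 1
    fi
    echo "$count"
}

# write_sample_start FILE: the four rules quoted in the thread plus one
# constructed, unrelated line that must survive the edit.
write_sample_start() {
    cat > "$1" <<'EOF'
# constructed sample of /etc/shorewall/start
run_iptables -I INPUT -i eth1 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
run_iptables -I FORWARD -i eth1 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
run_iptables -I FORWARD -o eth1 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
run_iptables -I OUTPUT -o eth1 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
run_iptables -I INPUT -i eth1 -j LOG --log-prefix OTHER: --log-level info
EOF
}

# Demo on a scratch copy: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample_start "$tmp"
    echo "disabled $(disable_bandwidth_log_rules "$tmp") rule(s):"; cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
fi
```

Commenting the rules out has the same effect as removing them; the change only takes effect once Shorewall is restarted, as the reply says.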