thr3ads.net - Shorewall devel - [Shorewall-devel] logs analise [Oct 2002]

If this information is useful, please help other people find it:
Share via:

fsiqueira99

2002-Oct-12 18:57 UTC

[Shorewall-devel] logs analise

My logs show thats:


A internal client search my proxy
(192.168.0.3)
Oct 12 12:40:33 massayo kernel:
Shorewall:all2all:REJECT:IN=3Deth1 OUT=3D
MAC=3D00:e0:7d:82:0f:fe:00:04:75:99:28:63:08:00
SRC=3D192.168.0.215 DST=3D192.168.0.3
LEN=3D63 TOS=3D0x00 PREC=3D0x00 TTL=3D128
ID=3D25902 PROTO=3DUDP SPT=3D3028 DPT=3D53 LEN=3D43

Why OUT is empty?

From: Server (DMZ)
Oct 12 12:40:34 massayo kernel:
Shorewall:all2all:REJECT:IN=3D OUT=3Deth2
SRC=3D192.168.1.1 DST=3D192.168.1.2 LEN=3D55
TOS=3D0x00 PREC=3D0x00 TTL=3D64 ID=3D0 DF
PROTO=3DUDP SPT=3D1025 DPT=3D53 LEN=3D35

Why IN is empty?

 
__________________________________________________________________________
Encontre sempre uma linha desocupada com o Discador BOL!
http://www.bol.com.br/discador
Ainda n=E3o tem AcessoBOL? Assine j=E1! http://www.bol.com.br/acessobol

Tom Eastep

2002-Oct-12 19:18 UTC

head link

[Shorewall-devel] logs analise

fsiqueira99 wrote:> My logs show thats:
> 
> 
> A internal client search my proxy
> (192.168.0.3)
> Oct 12 12:40:33 massayo kernel:
> Shorewall:all2all:REJECT:IN=eth1 OUT>
MAC=00:e0:7d:82:0f:fe:00:04:75:99:28:63:08:00
> SRC=192.168.0.215 DST=192.168.0.3
> LEN=63 TOS=0x00 PREC=0x00 TTL=128
> ID=25902 PROTO=UDP SPT=3028 DPT=53 LEN=43
> 
> Why OUT is empty?
The destination is the firewall system itself.
> 
> From: Server (DMZ)
> Oct 12 12:40:34 massayo kernel:
> Shorewall:all2all:REJECT:IN= OUT=eth2
> SRC=192.168.1.1 DST=192.168.1.2 LEN=55
> TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
> PROTO=UDP SPT=1025 DPT=53 LEN=35
> 
> Why IN is empty?
> 
The source is the firewall system itself.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Tom Eastep

2002-Oct-12 19:34 UTC

head link

[Shorewall-devel] logs analise

fsiqueira99 wrote:> My logs show thats:
> 
> 
> A internal client search my proxy
> (192.168.0.3)
> Oct 12 12:40:33 massayo kernel:
> Shorewall:all2all:REJECT:IN=eth1 OUT>
MAC=00:e0:7d:82:0f:fe:00:04:75:99:28:63:08:00
> SRC=192.168.0.215 DST=192.168.0.3
> LEN=63 TOS=0x00 PREC=0x00 TTL=128
> ID=25902 PROTO=UDP SPT=3028 DPT=53 LEN=43
> 
> Why OUT is empty?
This says that computer 192.168.0.215 is sending a DNS query to your 
firewall system. You don''t have a rule that allows UDP port 53 from 
whatever zone 192.168.0.215 is in to the fw zone. Assuming that 
192.168.0l.215 is in the DMZ, then you need the rule:

ACCEPT	dmz	fw	udp	53

OR

You don''t have a DNS server on your firewall but 192.168.0.215 is 
configured as if you did. If that is the case then fix the DNS 
configuration on 192.168.0.215

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Seemingly Similar Threads

Search for more reasonably related threads

Shorewall devel - Oct 2002 - logs analise

[Shorewall-devel] logs analise

[Shorewall-devel] logs analise

[Shorewall-devel] logs analise

Seemingly Similar Threads