Hi everybody, I have configured my Shorewall as a standalone system, I use ppp0 through a router, and the only configuration I have put is : Interfaces: net ppp0 - noping I have tested the firewall and everything works very well. I am just wondering what this means: Dec 14 22:25:15 localhost kernel: Shorewall:OUTPUT:DROP:IN= OUT=eth0 SRC=10.0.0.10 DST=10.0.0.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=114 (I have an ethenet adapter, with IP address 10.0.0.0 and netmask 255.255.255.0, but it is not configured in Shorewall, so where does this log come from? I am a complete network newbie, although I''ve read many docs...) Thanks for your comments, -- Philippe Berini PGP Key: http://pypm.nerim.net/phb.asc
Hi There, To my knowledge it means that your DHCP server is broadcasting. Nothing you have to worry about, because the UDP packet was dropped. greets Antonio Gaviano On Sat, 2002-12-14 at 22:49, Philippe Berini wrote:> Hi everybody, > > I have configured my Shorewall as a standalone system, I use ppp0 through a > router, and the only configuration I have put is : > > Interfaces: > net ppp0 - noping > > I have tested the firewall and everything works very well. > > I am just wondering what this means: > > Dec 14 22:25:15 localhost kernel: Shorewall:OUTPUT:DROP:IN= OUT=eth0 > SRC=10.0.0.10 DST=10.0.0.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF > PROTO=UDP SPT=631 DPT=631 LEN=114 > > (I have an ethenet adapter, with IP address 10.0.0.0 and netmask > 255.255.255.0, but it is not configured in Shorewall, so where does this log > come from? I am a complete network newbie, although I''ve read many docs...) > > Thanks for your comments,
Looks like an IPP broadcast. Maybe it comes from your cups server or another IPP enabled print server broadcasting its browse list every so many seconds. On Sat, 2002-12-14 at 13:49, Philippe Berini wrote:> Hi everybody, > > I have configured my Shorewall as a standalone system, I use ppp0 through a > router, and the only configuration I have put is : > > Interfaces: > net ppp0 - noping > > I have tested the firewall and everything works very well. > > I am just wondering what this means: > > Dec 14 22:25:15 localhost kernel: Shorewall:OUTPUT:DROP:IN= OUT=eth0 > SRC=10.0.0.10 DST=10.0.0.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF > PROTO=UDP SPT=631 DPT=631 LEN=114 > > (I have an ethenet adapter, with IP address 10.0.0.0 and netmask > 255.255.255.0, but it is not configured in Shorewall, so where does this log > come from? I am a complete network newbie, although I''ve read many docs...) > > Thanks for your comments,-- Pascal DeMilly <list.shorewall@newgenesys.com>
Le Dim 15 Décembre 2002 03:57, Pascal DeMilly a écrit :> Looks like an IPP broadcast. Maybe it comes from your cups server or > another IPP enabled print server broadcasting its browse list every so > many seconds.Thanks to those who answered. Do you think there is something I should change? -- Philippe Berini PGP Key: http://pypm.nerim.net/phb.asc
If indeed you are running cups and 10.0.0.10 your box, just comments in /etc/cups/cupsd.conf the line that says BrowseAddress 10.0.0.255 On Sun, 2002-12-15 at 02:27, Philippe Berini wrote:> Le Dim 15 Décembre 2002 03:57, Pascal DeMilly a écrit : > > > Looks like an IPP broadcast. Maybe it comes from your cups server or > > another IPP enabled print server broadcasting its browse list every so > > many seconds. > > Thanks to those who answered. > Do you think there is something I should change?-- Pascal DeMilly <list.shorewall@newgenesys.com>
Le Dim 15 Décembre 2002 22:58, Pascal DeMilly a écrit :> If indeed you are running cups and 10.0.0.10 your box, just comments in > /etc/cups/cupsd.conf the line that says BrowseAddress 10.0.0.255Thanks ! I had the following in my /etc/cups/cupsd.conf #BrowseAddress x.y.z.255 #BrowseAddress x.y.255.255 #BrowseAddress x.255.255.255 #BrowseAddress 255.255.255.255 BrowseAddress @LOCAL #BrowseAddress @IF(name) I commented "BrowseAddress @LOCAL", and the firewall logs about 10.0.0.10 have stopped, so it''s good ! But now cups doesn''t browse anything, is it a problem? -- Philippe Berini PGP Key: http://pypm.nerim.net/phb.asc
Philippe Berini <philippe@berini.org> wrote:> Dec 14 22:25:15 localhost kernel: Shorewall:OUTPUT:DROP:IN= OUT=eth0 > SRC=10.0.0.10 DST=10.0.0.255 LEN=134 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF > PROTO=UDP SPT=631 DPT=631 LEN=114Examine the log message piece by piece. IN= OUT=eth0 The packet originated from the firewall itself (no interface), and was sent out on the eth0 interface. SRC=10.0.0.10 DST=10.0.0.255 The source and destination addresses on the packet. 10.0.0.255 is likely the broadcast address, though you haven''t yet told us anything about the addresses and netmasks you use. 10.0.0.10 is presumably your firewall''s eth0 address. PROTO=UDP SPT=631 DPT=631 The packet was from port 631/udp, destined to port 631/udp. Looking in your /etc/services file you will see: $ grep -w 631 /etc/services ipp 631/tcp # Internet Printing Protocol ipp 631/udp # Internet Printing Protocol So your firewall is sending out an IPP broadcast, on eth0, to all hosts on the 10.0.0.0/24 network. This probably means you''re running a print server on the firewall; if this is not what you want to do, uninstall the print server software. -- \ "When I was crossing the border into Canada, they asked if I | `\ had any firearms with me. I said, ''Well, what do you need?''" | _o__) -- Steven Wright | bignose@zip.com.au F''print 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B