I have a server on an internal net with a gateway to the internet. Shorewall is installed on the server; it has only one net interface, though my plan is to use it as a firewall for my internal network later.

Network: 10.0.0.0
Server: 10.0.0.10
Gateway: 10.0.0.1
Subnet: 255.255.255.0
Broadcast: 10.0.0.255

I get these DROP-messages every half minute:

kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=10.0.0.10 DST=10.0.0.255 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=27705 DF PROTO=UDP SPT=631 DPT=631 LEN=112

It looks like the server is sending broadcasts and they are dropped, or have I misunderstood something?

I have put the broadcast address in interfaces:

net eth0 10.0.0.255

What is happening and what can I do????

Bjørn Fahnøe

Hi Bjørn,

this is a cups printing daemon searching for other IPP daemons. If you don't need to print to or from the server: Simply disable it.

HTH,
Alex

Bjørn Fahnøe wrote:
> I have a server on an internal net with a gateway to the internet.
> Shorewall is installed on the server; it has only one net interface,
> though my plan is to use it as a firewall for my internal network
> later. Network: 10.0.0.0 Server: 10.0.0.10 Gateway: 10.0.0.1
> Subnet: 255.255.255.0 Broadcast: 10.0.0.255
>
> I get these DROP-messages every half minute
>
> kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=10.0.0.10
> DST=10.0.0.255 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=27705 DF
> PROTO=UDP SPT=631 DPT=631 LEN=112
>
> It looks like the server is sending broadcasts and they are dropped,
> or have I misunderstood something?
>
> I have put the broadcast address in interfaces
>
> net eth0 10.0.0.255
>
> What is happening and what can I do????
>
> Bjørn Fahnøe

On Saturday 03 December 2005 04:54, Alexander Wilms wrote:
> Hi Bjørn,
>
> this is a cups printing daemon searching for other IPP daemons.
> If you don't need to print to or from the server: Simply disable it.
>
> HTH,
> Alex
>
> Bjørn Fahnøe wrote:
> > I have a server on an internal net with a gateway to the internet.
> > Shorewall is installed on the server; it has only one net interface,
> > though my plan is to use it as a firewall for my internal network
> > later. Network: 10.0.0.0 Server: 10.0.0.10 Gateway: 10.0.0.1
> > Subnet: 255.255.255.0 Broadcast: 10.0.0.255
> >
> > I get these DROP-messages every half minute
> >
> > kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=10.0.0.10
> > DST=10.0.0.255 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=27705 DF
> > PROTO=UDP SPT=631 DPT=631 LEN=112
> >
> > It looks like the server is sending broadcasts and they are dropped,
> > or have I misunderstood something?
> >
> > I have put the broadcast address in interfaces
> >
> > net eth0 10.0.0.255
> >
> > What is happening and what can I do????

Bjørn & Alex,

Given that Bjørn has specified the broadcast address in /etc/shorewall/interfaces, this looks like the 'pkttype' match in Bjørn's kernel is broken (not uncommon). The workaround for that is to set PKTTYPE=No in /etc/shorewall/shorewall.conf. This forces Shorewall to make explicit tests on that destination IP address rather than relying on the 'pkttype' match.

Bjørn doesn't mention the version of Shorewall being used but with all supported versions of Shorewall (2.4.0 and later), that should eliminate the logging of these broadcast packets.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> On Saturday 03 December 2005 04:54, Alexander Wilms wrote:
>
>>Hi Bjørn,
>>
>>this is a cups printing daemon searching for other IPP daemons.
>>If you don't need to print to or from the server: Simply disable it.
>>
>>HTH,
>>Alex
>>
>>Bjørn Fahnøe wrote:
>>
>>>I have a server on an internal net with a gateway to the internet.
>>>Shorewall is installed on the server; it has only one net interface,
>>>though my plan is to use it as a firewall for my internal network
>>>later. Network: 10.0.0.0 Server: 10.0.0.10 Gateway: 10.0.0.1
>>>Subnet: 255.255.255.0 Broadcast: 10.0.0.255
>>>
>>>I get these DROP-messages every half minute
>>>
>>>kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=10.0.0.10
>>>DST=10.0.0.255 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=27705 DF
>>>PROTO=UDP SPT=631 DPT=631 LEN=112
>>>
>>>It looks like the server is sending broadcasts and they are dropped,
>>>or have I misunderstood something?
>>>
>>>I have put the broadcast address in interfaces
>>>
>>>net eth0 10.0.0.255
>>>
>>>What is happening and what can I do????
>
> Bjørn & Alex,
>
> Given that Bjørn has specified the broadcast address
> in /etc/shorewall/interfaces, this looks like the 'pkttype' match in Bjørn's
> kernel is broken (not uncommon). The workaround for that is to set PKTTYPE=No
> in /etc/shorewall/shorewall.conf. This forces Shorewall to make explicit
> tests on that destination IP address rather than relying on the 'pkttype' match.
>
> Bjørn doesn't mention the version of Shorewall being used but with all
> supported versions of Shorewall (2.4.0 and later), that should eliminate the
> logging of these broadcast packets.
>
> -Tom

Thanks Tom, it worked with pkttype=No; it also mentions this in the comments in shorewall.conf. I forgot to mention version, 2.4.1.

Bjørn
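
The explicit destination-address test that PKTTYPE=No substitutes for the 'pkttype' match can be reproduced offline against the logged packet. The following is an added example, not part of the thread and not Shorewall's own code: it parses a Shorewall log line and reports whether the drop is a subnet broadcast. The function names are illustrative, and the second sample line is constructed.

```python
import ipaddress
import re

# Netfilter LOG output is a run of KEY=VALUE pairs plus bare flags such as DF.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
PREFIX_RE = re.compile(r"Shorewall:([^:\s]+):([A-Z]+):")


def parse_shorewall_log(line):
    """Return chain, disposition and packet fields, or None if not Shorewall."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line[m.end():]):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP length
    return {"chain": m.group(1), "disposition": m.group(2), **fields}


def classify_drop(line, network, local_ip):
    """Classify a drop given the interface subnet and the firewall's own IP."""
    pkt = parse_shorewall_log(line)
    if pkt is None or pkt["disposition"] != "DROP":
        return "not a Shorewall DROP"
    net = ipaddress.ip_network(network)
    # Explicit test on the destination address, independent of the
    # kernel's packet-type classification.
    if ipaddress.ip_address(pkt["DST"]) != net.broadcast_address:
        return "unicast drop: investigate"
    origin = "own host" if pkt["SRC"] == local_ip else "neighbour " + pkt["SRC"]
    service = ""
    if pkt.get("PROTO") == "UDP" and pkt.get("DPT") == "631":
        service = " (UDP 631, IPP printer browsing as sent by CUPS)"
    return f"subnet broadcast from {origin}{service}"


# The first line is the one quoted in the thread; the second is constructed.
THREAD_LINE = ("kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=10.0.0.10 "
               "DST=10.0.0.255 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=27705 DF "
               "PROTO=UDP SPT=631 DPT=631 LEN=112")
CONSTRUCTED_LINE = ("kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= "
                    "SRC=10.0.0.77 DST=10.0.0.10 LEN=60 TOS=0x00 PREC=0x00 "
                    "TTL=64 ID=4242 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN")

if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_LINE):
        print(classify_drop(sample, "10.0.0.0/255.255.255.0", "10.0.0.10"))
```

Run over a real log, the "unicast drop" lines are the ones that still deserve attention once the broadcast noise is accounted for.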

Proposed Gentoo ebuild for 3.0.2:
http://bugs.gentoo.org/show_bug.cgi?id=112942
Testing appreciated.

Vieri Di Paola wrote:
> Proposed Gentoo ebuild for 3.0.2:
> http://bugs.gentoo.org/show_bug.cgi?id=112942
> Testing appreciated.

It's looking very good...

The only thing was that the source URL
http://shorewall.net/pub/shorewall/3.0/shorewall-3.0.2/shorewall-3.0.2.tgz
fails with a '500 Internal server error' at the moment. Changing the protocol to FTP helps, although I think the original link should work as well?

Also, I'm used to an empty /etc/shorewall directory from the Debian package, but I'm in doubt whether there is a preferred method.

Good luck,
--
- Pieter

Pieter Ennes wrote:
> The only thing was that the source URL
> http://shorewall.net/pub/shorewall/3.0/shorewall-3.0.2/shorewall-3.0.2.tgz
> fails with a '500 Internal server error' at the moment. Changing the
> protocol to FTP helps, although I think the original link should work as
> well?

Oops. shorewall.net server is having issues.. we'll look into it soon..

Vieri Di Paola wrote:
> Proposed Gentoo ebuild for 3.0.2:
> http://bugs.gentoo.org/show_bug.cgi?id=112942
> Testing appreciated.

Vieri,

This is pretty hot. I think that it perhaps should warn people that Shorewall has changed _substantially_. (It seems that most packages in portage do that). In any case, it works and is a Good Thing(tm).

thanks,
joshua