LinuxQuestions.org

Thread: ipmasq message flow (https://www.linuxquestions.org/questions/linux-networking-3/ipmasq-message-flow-101194/)

Gilion 10-07-2003 08:28 AM

ipmasq message flow
 
While setting up IP masquerade I installed the ipmasq package of Debian. On the LAN computers everything is working fine. The only problem I get is a message flow on the terminals at the Linux box. The messages look like this:

IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:d0:d3:3c:56:94:08:00 SRC=131.155.228.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=nnnnn PROTO=2

In which nnnnn is a varying id number.

What is this supposed to mean?

How can I get rid of these messages?

Gilion

ToniT 10-07-2003 09:40 AM

Your logging level is too high, so that all firewall messages come to the console. If you are using iptables, check the scripts for the jumps to the LOG target and add the parameter --log-level debug. Logging rules should look something like
Code:

iptables -A INPUT -j LOG --log-level debug

Gilion 10-08-2003 05:06 AM

My rules are defined in /etc/ipmasq/rules/*.def files. The ZZZdenyandlog.def file holds the following definitions:
Code:

iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0

These generate 7 rules containing log level warning, probably due to the usage of -A.

Some questions I have after reading some man pages on this topic:

What is 0.0.0.0/0, is it a valid IP and from what?
Why are these messages printed to the console? Shouldn't they be saved in a separate log file instead (not the messages log)?
Are the -s 0.0.0.0/0 and -d 0.0.0.0/0 necessary, and what do they mean combined with the LOG extension?
Where exactly do I need to put --log-level debug when -s and -d are necessary: in front of or after -s and -d?

I hope you can answer those questions.

Gilion

Gilion 10-08-2003 05:32 AM

BTW, just copying your syntax, i.e. deleting the -s and -d statements, does solve my problem, but I would still like to get the requested info to understand what is going on here.

Thanks for your help.

Gilion

ToniT 10-08-2003 10:33 AM

Well
  • The notation 0.0.0.0/0 means the ip-address range starting from 0.0.0.0 with 0 bits fixed (that is, all possible ip addresses). So the -s and -d flags seen there should do nothing.

    A less trivial use of the syntax: 192.168.27.0/24 means ip-range starting from 192.168.27.0 and keeping 24 bits fixed, that is, ip-addresses from 192.168.27.0 to 192.168.27.255.
  • As default, the logs are passed to the syslog as warnings, so they are treated as so important that they are printed to the console and saved to /var/log/syslog. If you want to store them somewhere else, you can add a prefix to the LOG target in the iptables line (--log-prefix, see man iptables) and catch the prefix in /etc/syslog.conf (see man syslog.conf).
  • If I remember correctly, the ordering of the options is meaningless to the program. I prefer using the order
    Code:

    iptables [table_selection] chain_selection triggering_condition action action_parameters

    YMMV.
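An added example, not code from the thread or from the ipmasq package: a small Python script that decodes the KEY=value fields of the console message quoted in the question and implements the "fixed bits" rule for the a.b.c.d/bits notation from the answer above, so you can check which addresses a given -s or -d range actually covers and why -s 0.0.0.0/0 -d 0.0.0.0/0 matches every packet. The sample line is constructed with the same layout as the message in the question (the ID value is made up), the protocol-number table is the standard IANA assignment, and the hand-rolled CIDR match is cross-checked against Python's ipaddress module.

```python
"""Added example, not code from the thread: decode a netfilter LOG line of the
shape quoted in the question and apply the "fixed bits" CIDR rule from the
answer, to see what a -s/-d range covers."""
import ipaddress
import re

# Constructed sample: same field layout as the console message in the question,
# with a made-up ID value in place of "nnnnn".
SAMPLE_LINE = ("IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:d0:d3:3c:56:94:08:00 "
               "SRC=131.155.228.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 "
               "TTL=1 ID=12345 PROTO=2")

# Standard IANA IP protocol numbers for values that commonly show up in LOG output.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

# Each token is KEY=value; the value may be empty (e.g. "OUT=" for an inbound packet).
FIELD_RE = re.compile(r"([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Split the KEY=value tokens of a netfilter LOG message into a dict."""
    return dict(FIELD_RE.findall(line))


def ip_to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-quad IPv4 address: %r" % addr)
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_ip(n):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_mask(cidr):
    """Return (network_int, mask_int) for 'a.b.c.d/bits'.
    /bits fixes the top `bits` bits; /0 fixes nothing, so its mask is 0."""
    net, bits = cidr.split("/")
    bits = int(bits)
    if not 0 <= bits <= 32:
        raise ValueError("prefix length out of range: %r" % cidr)
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return ip_to_int(net) & mask, mask


def in_cidr(addr, cidr):
    """True if addr agrees with the range on all of its fixed bits."""
    network, mask = cidr_mask(cidr)
    return (ip_to_int(addr) & mask) == network


def cidr_range(cidr):
    """First and last address covered by the range, as dotted quads."""
    network, mask = cidr_mask(cidr)
    return int_to_ip(network), int_to_ip(network | (~mask & 0xFFFFFFFF))


def cross_check(addr, cidr):
    """Compare the hand-rolled match with the standard library's answer."""
    stdlib = ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)
    return in_cidr(addr, cidr) == stdlib


def matches_rule(fields, src_cidr, dst_cidr):
    """Would a rule with '-s src_cidr -d dst_cidr' match the logged packet?"""
    return in_cidr(fields["SRC"], src_cidr) and in_cidr(fields["DST"], dst_cidr)


def describe(fields):
    """Summarise the parts of the message a reader usually wants decoded."""
    proto = int(fields.get("PROTO", "0"))
    return {
        "interface_in": fields.get("IN", ""),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": PROTO_NAMES.get(proto, "proto-%d" % proto),
        # 224.0.0.0/4 is the IPv4 multicast block; 224.0.0.1 is the all-hosts group.
        "multicast_dst": in_cidr(fields["DST"], "224.0.0.0/4"),
        "ttl": int(fields.get("TTL", "0")),
    }


if __name__ == "__main__":
    f = parse_log_line(SAMPLE_LINE)
    print(describe(f))
    print("-s 0.0.0.0/0 -d 0.0.0.0/0 matches:", matches_rule(f, "0.0.0.0/0", "0.0.0.0/0"))
    for c in ("0.0.0.0/0", "192.168.27.0/24"):
        print(c, "covers", cidr_range(c))
```

Run it as a script, or feed `parse_log_line` the lines you grep out of /var/log/syslog. On the sample it reports an IGMP packet (protocol 2) addressed to the all-hosts multicast group 224.0.0.1 with TTL 1, which a catch-all LOG rule records like every other packet; `cidr_range("0.0.0.0/0")` comes out as 0.0.0.0 to 255.255.255.255 and `cidr_range("192.168.27.0/24")` as 192.168.27.0 to 192.168.27.255, matching the explanation in the answer.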


All times are GMT -5.