ipmasq message flow
While setting up IP masquerade I installed the ipmasq package of Debian. On the LAN computers everything is working fine. The only problem I get is a message flow on the terminals at the Linux box. The messages look like this:
IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:d0:d3:3c:56:94:08:00 SRC=131.155.228.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=nnnnn PROTO=2
In which nnnnn is a varying id number. What is this supposed to mean? How can I get rid of these messages?
Gilion
Your logging level is too high, so all firewall messages come to the console. If you are using iptables, check the scripts for the jumps to the LOG target and add a parameter --log-level debug. Logging rules should look something like
Code:
iptables -A INPUT -j LOG --log-level debug
My rules are defined in /etc/ipmasq/rules/*.def files. The ZZZdenyandlog.def file holds the following definitions:
iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
These generate 7 rules containing log level warning, probably due to the usage of -A. Some questions I have after reading some man pages on this topic:
What is 0.0.0.0/0, is it a valid IP and from what?
Why are these messages printed to console? Shouldn't they be saved in a separate log file instead (not the messages log)?
Are the -s 0.0.0.0/0 and -d 0.0.0.0/0 necessary, what do they mean combined with the LOG extension?
Where exactly do I need to put the --log-level debug when -s and -d are necessary: in front of or after -s and -d?
I hope you can answer those questions.
Gilion
BTW, just copying your syntax, so deleting the -s and -d statements, does solve my problem, but I would still like to get the requested info to understand what is going on here.
Thanks for your help.
Gilion
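Added example (not part of the thread and not ipmasq's own code): a shell script that finds the LOG rules without an explicit priority in the .def lines quoted above and inserts --log-level directly after -j LOG, where it belongs as an option of the LOG target, leaving -s and -d in place. The function names and the last two sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the syslog priority on iptables LOG rules.
# Usage: add_log_level debug < /etc/ipmasq/rules/ZZZdenyandlog.def

# Constructed sample: the three rules quoted in the thread, plus one rule
# that already sets a level and one non-LOG rule (both made up for the demo).
sample_rules() {
cat <<'EOF'
iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A INPUT -j LOG --log-level info -p tcp
iptables -A INPUT -j DROP
EOF
}

# Shared awk logic: a rule "needs a level" when it jumps to LOG ("-j" and
# "LOG" as two separate words), is not a comment, and has no --log-level.
log_rules_awk='
    function needs_level(   i) {
        if ($0 ~ /^[ \t]*#/ || $0 ~ /--log-level/) return 0
        for (i = 1; i < NF; i++)
            if ($i == "-j" && $(i + 1) == "LOG") return 1
        return 0
    }
    mode == "count" { if (needs_level()) n++; next }
    {
        # The priority is an option of the LOG target, so it goes after -j LOG.
        if (needs_level()) sub(/-j[ \t]+LOG/, "-j LOG --log-level " lvl)
        print
    }
    END { if (mode == "count") print n + 0 }
'

# Print how many LOG rules on stdin rely on the default priority.
count_unleveled() { awk -v mode=count "$log_rules_awk"; }

# Copy stdin to stdout, adding "--log-level <level>" where it is missing.
# Rules with an explicit level, non-LOG rules and comments pass through.
add_log_level() { awk -v mode=fix -v lvl="${1:-debug}" "$log_rules_awk"; }

# Demo run on the constructed sample.
sample_rules | add_log_level debug
```
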
Well