Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
While setting up IP masquerade I installed the ipmasq package of debian. On the LAN computers everything is working fine. The only problem I get is a message flow on the terminals at the linux box. The message look like this:
Your logging level is too high so that all firewall messages comes to the console. If you are using iptables, check from the scripts the jumps to the LOG target and add a parameter --log-level debug. Logging rules should look something like
My rules are defined in /etc/ipmasq/rules/*.def files. The ZZZdenyandlog.def file holds the following definitions:
iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
These generate 7 rules containing log level warning, probably due to the usage of -A.
Some questions I have after reading some man pages on this topic:
What is 0.0.0.0/0, is it a valid IP and from what?
Why are these messages printed to console? Shouldn't they be saved in a seperate log file instead (not the messages log)?
Are the -s 0.0.0.0/0 and -d 0.0.0.0/0 necessary, what do they mean combined with the LOG extension?
Where exactly do I need to put the --log-level debug when -s and -d are necessary in front of or after -s and -d?
BTW, just copying your syntax, so deleting the -s and -d statements does solve my problem, but I still like to get the requested info to understand what is going on here.
The notation 0.0.0.0/0 means the ip-address range starting from 0.0.0.0 with 0 bits fixed (that is, all possible ip addresses). So the -s and -d flags seen there should do nothing.
A less trivial use of the syntax: 192.168.27.0/24 means ip-range starting from 192.168.27.0 and keeping 24 bits fixed, that is, ip-addresses from 192.168.27.0 to 192.168.27.255.
As default, the logs are passed to the syslog as warnings so they are treated so important that they are printed to the console and saved to the /var/log/syslog. If you want to store them somewere else, you can add a prefix to the LOG-target to the iptables line
(--log-prefix, see man iptables) and catch the prefix in the /etc/syslog.conf (see man syslog.conf)
If I remember correctly, the ordering of the options is meaningless to the program. I prefer using order
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
