LinuxQuestions.org
Old 08-28-2003, 02:20 AM   #1
TongueTied
Member
 
Registered: Aug 2003
Distribution: SuSE 8.1 pro
Posts: 94

Rep: Reputation: 15
Help decipher lines in messages file suse firewall


Does anyone know where I might find information on deciphering messages from the SuSE firewall? I found the following two lines in my messages file listed a number of times and I am trying to figure out what they are all about. Any ideas?

Aug 28 05:38:15 myserver kernel: SuSE-FW-TRACEROUTE-ATTEMPT IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.12 LEN=56 TOS=0x00 PREC=0xC0 TTL=64 ID=29472 PROTO=ICMP TYPE=11 CODE=0 [SRC=192.168.1.12 DST=12.158.33.17 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=2247 DF PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1024 ]

Aug 28 05:37:12 myserver kernel: SuSE-FW-ILLEGAL-TARGET IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:30:f1:47:be:2d:08:00 SRC=10.44.44.26 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=5311 PROTO=2

Some background on my settings:
My server is myserver and has an IP of 192.168.1.1 on the internal card eth0 and an ISP-assigned IP of 10.44.44.15 on the external card eth1.
192.168.1.12 is simply a machine on my network.
I am running the SuSE firewall2 that came with SuSE 8.1 and it is set in Quick mode, which should, as far as I understand, block everything externally and nothing internally.
 
Old 08-28-2003, 04:50 PM   #2
tobyl
Member
 
Registered: Apr 2003
Location: uk
Distribution: slackware current
Posts: 743

Rep: Reputation: 50
TongueTied, your logs are showing messages from iptables/netfilter, as configured by the Suse-firewall.

I hope this link will help you, as it explains better than me...

http://logi.cc/linux/netfilter-log-format.php3
 
Old 05-04-2004, 02:10 AM   #3
TongueTied
Member
 
Registered: Aug 2003
Distribution: SuSE 8.1 pro
Posts: 94

Original Poster
Rep: Reputation: 15
Tried using that link but I still don't understand if it is simply a notice of activity or something I should be concerned about.
 
Old 05-04-2004, 12:40 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,132
Blog Entries: 54

Rep: Reputation: 2790
myserver kernel: SuSE-FW-TRACEROUTE-ATTEMPT IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.12 PROTO=ICMP
Outbound ICMP traffic triggering traceroute rule (from internal "myserver" address to internal "simply a machine on my network" address).


myserver kernel: SuSE-FW-ILLEGAL-TARGET IN=eth1 OUT= DST=224.0.0.1 PROTO=2
Inbound request for IGMP from "myserver" public address to external network multicast address.

Like everything that isn't abused, traceroutes and multicasts are harmless activity unless your network policy dictates otherwise. If unnecessary it's just harmless and annoying. If your policy needs these rules in place you could drop the LOG target rules.

Last edited by unSpawn; 05-04-2004 at 12:42 PM.
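
Added example, not part of any post in this thread: a small Python parser for the netfilter LOG format, run over the two lines quoted in the first post. It splits the KEY=VALUE fields, derives direction from which of IN=/OUT= is empty, and decodes the bracketed inner packet that an ICMP error carries; the function names and the lookup tables are this example's own, and it assumes the log prefix contains no spaces.

```python
import re

# Constructed sample input: the two log lines quoted in the first post.
SAMPLES = [
    "Aug 28 05:38:15 myserver kernel: SuSE-FW-TRACEROUTE-ATTEMPT IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.12 LEN=56 TOS=0x00 PREC=0xC0 TTL=64 ID=29472 PROTO=ICMP TYPE=11 CODE=0 [SRC=192.168.1.12 DST=12.158.33.17 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=2247 DF PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1024 ]",
    "Aug 28 05:37:12 myserver kernel: SuSE-FW-ILLEGAL-TARGET IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:30:f1:47:be:2d:08:00 SRC=10.44.44.26 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=5311 PROTO=2",
]
IP_PROTO = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}  # IANA protocol numbers
ICMP_TYPE = {"0": "echo-reply", "3": "dest-unreachable", "8": "echo-request", "11": "time-exceeded"}

def parse_fields(text):
    """Split KEY=VALUE tokens into a dict; bare tokens such as DF become flags."""
    fields, flags = {}, []
    for tok in text.split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields.setdefault(key, val)  # keep the first ID= (IP ID), not the later ICMP ID
        else:
            flags.append(tok)
    return fields, flags

def parse_line(line):
    """Return prefix, direction, protocol and any quoted inner packet for one LOG line."""
    m = re.search(r"kernel: (\S+) (IN=.*)$", line)  # assumes a prefix without spaces
    if not m:
        return None
    prefix, body = m.groups()
    inner = None
    quoted = re.search(r"\[(.*)\]", body)
    if quoted:  # an ICMP error quotes the header of the packet that caused it
        inner, inner_flags = parse_fields(quoted.group(1))
        inner["FLAGS"] = inner_flags
        body = body[:quoted.start()]
    outer, _ = parse_fields(body)
    if outer.get("IN") and outer.get("OUT"):
        direction = "forwarded"
    elif outer.get("IN"):
        direction = "inbound"   # logged on the input path: OUT= is empty
    else:
        direction = "outbound"  # logged on the output path: IN= is empty
    mac = outer.get("MAC", "").split(":")  # dst MAC, src MAC, EtherType
    src_mac = ":".join(mac[6:12]) if len(mac) == 14 else None
    proto = IP_PROTO.get(outer.get("PROTO"), outer.get("PROTO"))
    icmp = ICMP_TYPE.get(outer.get("TYPE")) if proto == "ICMP" else None
    return {"prefix": prefix, "direction": direction, "proto": proto, "icmp": icmp,
            "src": outer.get("SRC"), "dst": outer.get("DST"), "src_mac": src_mac, "inner": inner}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

For the first sample, the quoted inner packet is an echo request from 192.168.1.12 to 12.158.33.17 with TTL=1, and the logged outer packet is the time-exceeded reply to it. For the second, the source MAC is the last six bytes before the 08:00 EtherType.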
 
  

