Why iptables logs is troubling me..so much?

apache · 07-26-2005, 02:58 AM

Hi Geeks,
My machine was hanged up in the morning...and lots of iptables logs were started pouring on screen...I was even unable to login..

The messages were something like that:
10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22244 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:2f:06:19:08:00 SRC=10.0.1.49 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=16750 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:2b:b5:0b:08:00 SRC=10.0.1.111 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=19591 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:2f:06:19:08:00 SRC=10.0.1.49 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=16757 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:11:2f:9b:44:08:00 SRC=10.0.1.71 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=49919 PROTO=UDP SPT=137 DPT=137 LEN=58

Can anyone tell me is it h/w issue or kernel..?
And if h/w is it with n/w card...?

Thanks..

apache · 07-26-2005, 03:00 AM

Oh..
I forgot the details..

It is Intel Xeon 4Processor...6GB RAM 350GB HD FC3 machine..
n/w card is of
Ethernet controller: Intel Corp. 82544GC Gigabit Ethernet Controller (LOM) (rev 02)

tommyr1216 · 07-26-2005, 09:45 AM

Those packets are using port 137, which I believe Windows uses to broadcast netbios name information. If you have Windows machines on your network, your Linux box is seeing those broadcasts and logging them. You are probably seeing these messages because you have a "-j LOG" somewhere in your IPTables rules. The log messages come from netfilter in the kernel, and thus are printed on the console. You can remove the log statements from IPTables or modify your syslog.conf to have kernel messages not go to the console. This should rid you of those messages, although I can't see why this would cause your system to hang.

Krugger · 07-26-2005, 05:26 PM

Maybe got nuked so you computer got really slow as it had to log all the packets coming from your gigabyte card into you log file. And maybe your logfiles got really big and filed your tiny 350Gb disk. Perhaps your are suffering from the too much log problem.