Gentoo Forums
Firewall and a lot of log entries
Naib
Watchman


Joined: 21 May 2004
Posts: 5847
Location: Removed by Neddy

Posted: Thu Feb 03, 2005 12:09 am    Post subject: Firewall and a lot of log entries

I decided to setup a firewall just to be on the safe side.

I am using firehol to generate the necessary iptables rules

Code:

root@Fluid jrb # cat /etc/firehol/firehol.conf
#!/usr/sbin/firehol


FIREHOL_LOG_MODE="LOG"
FIREHOL_LOG_LEVEL="2"
FIREHOL_LOG_BURST="5"
FIREHOL_LOG_FREQUENCY="10/minute"


interface eth0 home
        server  dns     accept
        server  ftp     accept
        server  dhcp    accept
        server  http    accept

        server  netbios_ssn     deny
        server  microsoft_ds    reject  with    tcp-reset
        server  samba           deny
        server  cups            deny


        client  all     accept

        protection      strong
        policy          reject
        server  ident   reject  with    tcp-reset




Seems to do OK - an online firewall now shows some prev open ports are now filtered - all well and good.


However, my /var/log/messages is getting really filled up with entries to do with the firewall and one particular address!!!


Code:

...
Feb  3 00:00:21 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.66.216 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=19528 DF PROTO=TCP SPT=1557 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Feb  3 00:00:28 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40761 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:00:32 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40766 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:00:39 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=40791 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:00:46 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40811 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:00:59 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40816 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:01:04 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=40847 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:01:10 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=255 ID=40862 PROTO=UDP SPT=67 DPT=68 LEN=316
Feb  3 00:01:10 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=255 ID=40867 PROTO=UDP SPT=67 DPT=68 LEN=316
Feb  3 00:01:16 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=40877 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:01:25 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=40975 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:01:26 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40980 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:01:27 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.69.37 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35430 DF PROTO=TCP SPT=4250 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:27 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.69.37 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35489 DF PROTO=TCP SPT=4250 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:28 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.69.37 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35521 DF PROTO=TCP SPT=4250 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:32 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40999 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:01:38 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.67.158 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2728 DF PROTO=TCP SPT=4511 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:39 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.67.158 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2778 DF PROTO=TCP SPT=4511 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:39 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.67.158 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2829 DF PROTO=TCP SPT=4511 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:44 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41030 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:01:47 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41039 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:01:51 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41059 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:02:00 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41069 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:02:05 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41079 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:02:09 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41099 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:02:18 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41124 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:02:21 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41177 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:02:30 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41192 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:02:33 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41197 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:02:37 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41210 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:02:47 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41220 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:02:49 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41225 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:02:59 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41243 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:03:00 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41248 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:03:09 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41293 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:03:14 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41303 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:03:26 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41400 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:03:27 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41413 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:03:35 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41426 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:03:38 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41444 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:03:42 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41462 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:03:48 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=255 ID=41477 PROTO=UDP SPT=67 DPT=68 LEN=316
Feb  3 00:03:54 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41496 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:04:00 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41536 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:04:13 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41553 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:04:15 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=255 ID=41558 PROTO=UDP SPT=67 DPT=68 LEN=316
Feb  3 00:04:19 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41621 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:04:31 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=255 ID=41646 PROTO=UDP SPT=67 DPT=68 LEN=316
Feb  3 00:04:31 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41651 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:04:40 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41656 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:04:45 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41675 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:04:59 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41727 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:05:05 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41736 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:05:08 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41741 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:05:14 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41746 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:05:18 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=255 ID=41751 PROTO=UDP SPT=67 DPT=68 LEN=316
Feb  3 00:05:18 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=255 ID=41756 PROTO=UDP SPT=67 DPT=68 LEN=316
Feb  3 00:05:24 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41826 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:05:36 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41861 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:05:38 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41866 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:05:42 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41871 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:05:52 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41896 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:05:57 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41910 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:06:04 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=41924 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:06:07 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41929 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:06:15 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=41954 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:06:22 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=42013 PROTO=UDP SPT=67 DPT=68 LEN=308



It is really filling up my log file!!!!!


Now the original reason I thought about setting up a firewall was because I am on broadband and have been for a while. I have had a ping of about 20ms

But in the last month or two this has been going up to 130ms!!!! (also evident while playing UT2004).
Now I always ping bbc.co.uk (but same for google)

I did a traceroute and the "10.69.0.1" address is in the chain and is the longest time in the chain

Now this 10.69.0.1 seems to be a main name resolver server but it is screwing me around!!! Any ideas?
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
angoraspruce
Apprentice


Joined: 08 Jan 2005
Posts: 193
Location: Minnesota, USA

Posted: Thu Feb 03, 2005 1:32 am    Post subject:

If you're running out of disk space due to large firewall logs, limit what gets logged via your iptables, or speed up the log rotation so that fewer entries are sitting around. To do the latter, go to '/etc/logrotate.conf' and change the line for your firewall/iptables from something like 'rotate 14' (or whatever it is) to a lesser amount of days.

And if you think that the particular '10.69.0.1' dns is slowing you down, change '/etc/resolve.conf' to delete it (this is assuming that you also have a secondary or two still listed).
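Before deciding what to stop logging, it helps to see which flows are producing the entries. The following is an added example, not part of any post in this thread: it groups netfilter LOG lines by source, protocol and destination port; the function names are hypothetical and the sample lines are copied from the log excerpt in the first post.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpt in the first post.
SAMPLE = """\
Feb  3 00:00:21 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.66.216 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=19528 DF PROTO=TCP SPT=1557 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Feb  3 00:00:28 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40761 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:00:32 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=40766 PROTO=UDP SPT=67 DPT=68 LEN=308
Feb  3 00:00:39 Fluid IN-home:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:66:22:8c:54:08:00 SRC=10.69.0.1 DST=255.255.255.255 LEN=420 TOS=0x00 PREC=0x00 TTL=255 ID=40791 PROTO=UDP SPT=67 DPT=68 LEN=400
Feb  3 00:01:27 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.69.37 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35430 DF PROTO=TCP SPT=4250 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:27 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.69.37 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35489 DF PROTO=TCP SPT=4250 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  3 00:01:38 Fluid IN-home:IN=eth0 OUT= MAC=00:12:17:4d:e2:eb:00:0d:66:22:8c:a8:08:00 SRC=82.36.67.158 DST=82.36.68.27 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2728 DF PROTO=TCP SPT=4511 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# The chain prefix ("IN-home:") is glued straight onto the kernel's "IN=".
HEAD = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?:kernel: )?(?P<prefix>[^\s:=]+):(?=IN=)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAG = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")


def parse_line(line):
    """Return the netfilter LOG fields of one syslog line, or None if it is not one."""
    head = HEAD.match(line)
    if not head:
        return None
    body = line[head.end():]
    rec = {"prefix": head["prefix"], "flags": set(TCP_FLAG.findall(body))}
    for key, value in FIELD.findall(body):
        # UDP entries carry LEN twice (IP length, then UDP length); keep the first.
        rec.setdefault(key, value)
    return rec


def describe(rec):
    """Rough label for a parsed entry, based only on protocol, ports and TCP flags."""
    if rec.get("PROTO") == "UDP" and (rec.get("SPT"), rec.get("DPT")) == ("67", "68"):
        return "DHCP server-to-client"
    if rec.get("PROTO") == "TCP" and rec["flags"] == {"SYN"}:
        return "inbound TCP connection attempt"
    return "other"


def summarize(lines):
    """Count entries per (SRC, PROTO, DPT, label), busiest flow first."""
    flows = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and "SRC" in rec and "PROTO" in rec:
            flows[(rec["SRC"], rec["PROTO"], rec.get("DPT", "-"), describe(rec))] += 1
    return flows.most_common()


if __name__ == "__main__":
    for (src, proto, dpt, label), count in summarize(SAMPLE.splitlines()):
        print(f"{count:4d}  {src:15s} {proto}/{dpt:5s} {label}")
```

Run against the full /var/log/messages, the same grouping separates the broadcast traffic on UDP ports 67/68 from the TCP SYNs to port 135, so each can be handled by its own rule.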
Naib
Watchman


Joined: 21 May 2004
Posts: 5847
Location: Removed by Neddy

Posted: Thu Feb 03, 2005 1:37 am    Post subject:

Cheers, I have changed the config to:

Code:

#!/usr/sbin/firehol


FIREHOL_LOG_MODE="LOG"
FIREHOL_LOG_LEVEL="2"
FIREHOL_LOG_BURST="5"
FIREHOL_LOG_FREQUENCY="10/minute"

#my_ip=

interface eth0 internet # src not "$UNROUTABLE_IPS" dst "$my_ip"

        client  all     accept
        policy          accept
        protection      strong

        server  netbios_ssn     deny
        server  microsoft_ds    reject  with    tcp-reset
        server  samba           deny
        server  cups            deny
        server  sunrpc          deny
        server  telnet          deny

        server ident reject with tcp-reset



and thus stopping all those nameserver problems. But I still am getting lag from the 10.69.0.1 when I traceroute any address

how would I go about removing it since it is not listed in /etc/resolve.conf?
angoraspruce
Apprentice


Joined: 08 Jan 2005
Posts: 193
Location: Minnesota, USA

Posted: Thu Feb 03, 2005 4:58 am    Post subject:

Naib wrote:
But I still am getting lag from the 10.69.0.1 when I traceroute any address

how would I go about removing it since it is not listed in /etc/resolve.conf?

Your DNS might be configured into your router, if you have one, or if you have DHCP it could be overwriting it, in which case it might be possible to reconfigure the DHCP.

Regardless, you could get the secondary DNS's that your ISP uses, and add them to resolv.conf and see if that works.
Naib
Watchman


Joined: 21 May 2004
Posts: 5847
Location: Removed by Neddy

Posted: Thu Feb 03, 2005 1:02 pm    Post subject:

Yup, the cable modem acts as a DHCP server (in conjunction with main Blueyonder server).

In the resolv.conf I have two IP addresses (62.???.???.??? - I'm at work atm so dunno them). These seem to be valid nameservers for blueyonder, that 10.??? does not appear.

I could try replacing them

The thing is my connection can be good - last night at 2am my ping was ~15; it is only during the evenings that it gets messed up.

A couple of mates of mine at work are also on BY and after I mentioned I was having weird ping probs they had a look (both on XP, I have tried in 2k as well). They also see it


Looks more of an ISP prob than my box - we suspect that BY have over-subscribed for the amount of hardware they have, i.e. they are providing a kinda "timeshare" bandwidth

all have 1M connection BUT ppl will not want all that bandwidth at the same time, but looks like they have pushed it and it is starting to affect ppl
All times are GMT