FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 05-11-2008, 01:34 AM
Raj Kiran Grandhi
 
Default Strange msgs in syslog

Dennis Wicks wrote:

Greetings;

I have just noticed that syslog on my firewall contains hundreds if not
thousands of messages like this.


Do they indicate an error of some kind?

If not, how do I turn them off?

kernel: BANDWIDTH_IN:IN=eth1 OUT=
MAC=00:10:b5:bf:2f:3c:00:0c:f1:a2:cf:0e:08:00 SRC=192.168.1.1
DST=192.168.10.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=48305 DF PROTO=UDP
SPT=43182 DPT=53 LEN=41


Thanks!
Dennis




There is probably an iptables rule that is logging those packets. You
may want to inspect your rules and remove the relevant ones.


--
Raj Kiran Grandhi
--
Politics is for the moment. An equation is for eternity.
-- Albert Einstein


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 05-11-2008, 01:39 AM
Jerome BENOIT
 
Default Strange msgs in syslog

Hello List,

knowing your firewall tool can be useful: is it `firehole' ?

Jerome

Raj Kiran Grandhi wrote:

Dennis Wicks wrote:

Greetings;

I have just noticed that syslog on my firewall contains hundreds if
not thousands of messages like this.


Do they indicate an error of some kind?

If not, how do I turn them off?

kernel: BANDWIDTH_IN:IN=eth1 OUT=
MAC=00:10:b5:bf:2f:3c:00:0c:f1:a2:cf:0e:08:00 SRC=192.168.1.1
DST=192.168.10.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=48305 DF
PROTO=UDP SPT=43182 DPT=53 LEN=41


Thanks!
Dennis




There is probably an iptables rule that is logging those packets. You
may want to inspect your rules and remove the relevant ones.




--
Jerome BENOIT
jgmbenoit_at_mailsnare_dot_net


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 05-11-2008, 01:40 PM
"Douglas A. Tutty"
 
Default Strange msgs in syslog

On Sat, May 10, 2008 at 08:02:09PM -0500, Dennis Wicks wrote:
> I have just noticed that syslog on my firewall contains
> hundreds if not thousands of messages like this.
>
> Do they indicate an error of some kind?
>
> If not, how do I turn them off?
>
> kernel: BANDWIDTH_IN:IN=eth1 OUT=
> MAC=00:10:b5:bf:2f:3c:00:0c:f1:a2:cf:0e:08:00
> SRC=192.168.1.1 DST=192.168.10.1 LEN=61 TOS=0x00
> PREC=0x00 TTL=64 ID=48305 DF PROTO=UDP SPT=43182 DPT=53
> LEN=41

Lets break this down. Your firewall (whatever software you use only
configures the kernel iptables which then does the logging) is logging
these because there's a rule to log packets like this.

This packet came from 192.168.1.1 and went to 192.168.10.1

This suggests that this is to and from one of your own boxes since
192.168 is a local IP set.

The protocol is UDP and the destination port is 53. /etc/services shows
that UDP/53 is a DNS server.

Do you have a DNS server running on box 192.168.10.1? Do you have
192.168.1.1 configured to send DNS requests to 192.168.10.1?

If the network is working, it suggests that you have your firewall
configured to pass these packets but to log them. Given that anything
you do that uses a hostname or domain name will generate a DNS request,
I can imaging that your logs would fill up with this.

If this seems like the correct scenario, you only have to fix your
firewall's rules.

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 06:56 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org