Strange msgs in syslog
On Sat, May 10, 2008 at 08:02:09PM -0500, Dennis Wicks wrote:
> I have just noticed that syslog on my firewall contains
> hundreds if not thousands of messages like this.
> Do they indicate an error of some kind?
> If not, how do I turn them off?
> kernel: BANDWIDTH_IN:IN=eth1 OUT=
> SRC=192.168.1.1 DST=192.168.10.1 LEN=61 TOS=0x00
> PREC=0x00 TTL=64 ID=48305 DF PROTO=UDP SPT=43182 DPT=53
Lets break this down. Your firewall (whatever software you use only
configures the kernel iptables which then does the logging) is logging
these because there's a rule to log packets like this.
This packet came from 192.168.1.1 and went to 192.168.10.1
This suggests that this is to and from one of your own boxes since
192.168 is a local IP set.
The protocol is UDP and the destination port is 53. /etc/services shows
that UDP/53 is a DNS server.
Do you have a DNS server running on box 192.168.10.1? Do you have
192.168.1.1 configured to send DNS requests to 192.168.10.1?
If the network is working, it suggests that you have your firewall
configured to pass these packets but to log them. Given that anything
you do that uses a hostname or domain name will generate a DNS request,
I can imaging that your logs would fill up with this.
If this seems like the correct scenario, you only have to fix your
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org