rjisenhart n00b
Joined: 15 Jul 2005 Posts: 7
|
Posted: Wed Sep 14, 2005 12:29 pm Post subject: Meaning of shorewall log messages. |
|
|
Can anyone tell me the source and meaning and cause of these Shorewall messages?
Sep 14 05:58:26 tis Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.2 DST=192.168.1.255 LEN=232 TOS=0x00 PREC=0x00 TTL=64 ID=8 DF PROTO=UDP SPT=138 DPT=138 LEN=212
Sep 14 05:59:06 tis Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:61:79:d0:ac:00:30:bd:6d:a2:64:08:00 SRC=192.168.1.3 DST=192.168.1.2 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=54784 PROTO=UDP SPT=137 DPT=137 LEN=76
It may be helpful to know that I am trying to run Samba as a WINS server.
Thanks for your help.
Bob |
|
bigfunkymo Apprentice
Joined: 23 Jan 2004 Posts: 237
|
Posted: Wed Sep 14, 2005 12:38 pm Post subject: |
|
|
It means your MAC IDs are 14 bytes long
_________________
[No package... Grabbing a set.] |
|
minskpower Tux's lil' helper
Joined: 16 Jun 2005 Posts: 94 Location: /dev/null
|
Posted: Wed Sep 14, 2005 3:06 pm Post subject: |
|
|
The firewall drops UDP traffic on port 137, which is used by Samba to communicate with win server. You might want to set a rule to accept that traffic. |
|
rjisenhart n00b
Joined: 15 Jul 2005 Posts: 7
|
Posted: Thu Sep 15, 2005 2:49 am Post subject: |
|
|
Thanks for the help.
My rules are:
Code: |
####################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
ACCEPT fw net tcp 80 #http
ACCEPT fw net udp 80 #http
ACCEPT fw net tcp 443 #https
ACCEPT fw net udp 443 #https
ACCEPT fw net tcp 21 #ftp
ACCEPT fw net tcp 53 #DNS
ACCEPT fw net udp 53 #DNS
ACCEPT fw net tcp 110 #unsecure Pop3
ACCEPT fw net tcp 995 #Secure Pop3
ACCEPT fw net tcp 873 #rsync
ACCEPT fw net tcp 25 #unsecure SMTP
ACCEPT fw net tcp 465 #SMTP over SSL
ACCEPT fw net tcp 5190 #AIM/ICQ
#DROP net fw tcp 113 #AUTH/IDENT, I added this to show how to block a port
#
ACCEPT loc loc tcp 7741 #LISA
#
# Samba Support
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
AllowSMB loc loc
AllowSMB fw loc
AllowSMB loc fw
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp |
And my policies are:
Code: |
###############################################################################
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
loc net ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw net ACCEPT
#
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- DO NOT REMOVE
|
So I thought I was covered on port 137 using udp.
I have a Gentoo box and a 98SE box on loc. I can see the 98SE box from the Gentoo box, but I can't see the Gentoo Box from the 98SE box when I have Shorewall up.
I seem to be missing something.
???
Bob |
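
Added example, not part of any post in this thread: a small Python parser that splits the two log lines quoted in the first post into the Shorewall chain, the disposition and the netfilter packet fields. The names `parse`, `summarize` and `NETBIOS` are this example's own, and it assumes the `Shorewall:<chain>:<disposition>:` log prefix seen in those lines and Shorewall's `<source>2<dest>` naming of policy chains.

```python
import re

# The two log lines quoted in the first post of this thread.
SAMPLE_LOG = [
    "Sep 14 05:58:26 tis Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.2 DST=192.168.1.255 LEN=232 TOS=0x00 PREC=0x00 TTL=64 ID=8 DF PROTO=UDP SPT=138 DPT=138 LEN=212",
    "Sep 14 05:59:06 tis Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:61:79:d0:ac:00:30:bd:6d:a2:64:08:00 SRC=192.168.1.3 DST=192.168.1.2 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=54784 PROTO=UDP SPT=137 DPT=137 LEN=76",
]
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):(?P<rest>.*)")
NETBIOS = {"137": "netbios-ns", "138": "netbios-dgm", "139": "netbios-ssn"}

def parse(line):
    """Split one Shorewall log line into chain, disposition and packet fields."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "action": m["action"], "flags": []}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)   # bare tokens such as DF
        elif key not in rec:
            rec[key] = val             # first LEN is the IP length, second the UDP length
    # Assumption: policy chains are named <source zone>2<dest zone>, e.g. net2all.
    src, sep, dst = rec["chain"].partition("2")
    rec["src_zone"], rec["dst_zone"] = (src, dst) if sep else (None, None)
    # MAC= is the 14-byte Ethernet header: destination MAC, source MAC, EtherType.
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["mac_dst"] = ":".join(octets[:6])
        rec["mac_src"] = ":".join(octets[6:12])
        rec["ethertype"] = "0x" + "".join(octets[12:])
    rec["service"] = NETBIOS.get(rec.get("DPT"))
    return rec

def summarize(line):
    """One-line description of which chain handled the packet and what it was."""
    r = parse(line)
    if r is None:
        return "not a Shorewall log line"
    return (f"{r['action']} by {r['chain']} (zone {r['src_zone']} -> {r['dst_zone']}): "
            f"{r.get('PROTO')} {r.get('SRC')}:{r.get('SPT')} -> {r.get('DST')}:{r.get('DPT')} "
            f"({r['service'] or 'unknown service'}) in on {r.get('IN')}")

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(summarize(entry))
```

For both quoted lines the result shows chain `net2all` with `IN=eth0`, so the packets were handled as traffic from zone `net` and dropped by the `net all DROP info` policy in the policy file, not matched by the `loc` to `fw` Samba rules.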