Firewall Wizards mailing list archives

Re: Weird FW bridge stuff (Linux)
From: Chris Ditri <chrisd () better-investing org>
Date: Wed, 10 Dec 2003 15:58:43 -0500

Thanks for the input guys.

I had reconfigured my kernel to turn off debugging -- but I forgot to copy the 
bzImage -- so I was still using the old image (whoops).

That seemed to clear up the log problem.  

I still don't know why 2.4.23 ignores my iptables commands...

Thanks again.

Chris




On Tuesday 09 December 2003 03:51 pm, Chris Ditri wrote:
Hello.

I have set up a Linux ethernet bridge/firewall.  Everything seemed to be
working pretty well, until one day I found that my /var/log/messages was
filled up with 14 gigabytes of this junk:

Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=74
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=69
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=58
Dec  9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58
S=0x00 I=14180 F=0x4000 T=64
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=58
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
Dec  9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58
S=0x00 I=14180 F=0x4000 T=64
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
Dec  9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58
S=0x00 I=14180 F=0x4000 T=64
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58

I did some poking around, and I heard that this was because of a bug in the
2.4.19 version of this software (patch for the kernel).  So I downloaded
and compiled the kernel in 2.4.23 -- with the same exact config file.  All
of a sudden none of my IPTABLES rules are having any influence on
traffic! Bye-bye firewall...

I tried to apply the patch to my 2.4.23 kernel, but it fails.  I cannot
find this version of a bridge patch for 2.4.23 anywhere.  I have read that
people have gotten this sort of thing working with kernel 2.4.20 and up --
but no reference as to what they had to do to get it working right.

What can I do?

Thanks!

Chris


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
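The flood quoted in the original post is a good case for a small triage script before anyone touches the firewall itself: it tells you which kernel message template is filling the disk, at what rate, and which flows are behind it. The following is an added example, not code from the post or from the netfilter project. It re-joins the PROTO= records that the mail client wrapped onto two lines, groups messages by template and second, flags templates that exceed a per-second threshold (the threshold value is an assumption), and extracts the 5-tuples from the PROTO= lines. The sample input is a subset of the lines quoted above, embedded as a constant.

```python
"""Triage a netfilter debug-log flood like the one quoted in the thread.

Added example, not code from the post: it re-joins mail-wrapped log lines,
groups messages by template and second, flags templates that exceed a
per-second threshold, and lists the 5-tuples behind the PROTO= lines so
the traffic driving the noise is visible. The threshold is an assumption.
"""
import re
from collections import Counter, defaultdict

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
# The three kernel message shapes seen in the post.
HOOK_RE = re.compile(r"^nf_hook: hook (?P<hook>\d+) already set\.$")
SKB_RE = re.compile(r"^skb: pf=(?P<pf>\d+) \(unowned\) dev=(?P<dev>\S+) len=(?P<len>\d+)$")
PROTO_RE = re.compile(r"^PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
                      r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+)")

def join_wrapped(lines):
    """Append any line lacking a syslog prefix to the previous line; the mail
    client wrapped the long PROTO= records onto a second line."""
    out = []
    for line in lines:
        if SYSLOG_RE.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line.strip()
    return out

def template(msg):
    """Replace the variable fields with placeholders so identical noise groups."""
    if HOOK_RE.match(msg):
        return "nf_hook: hook <n> already set."
    if SKB_RE.match(msg):
        return "skb: pf=<n> (unowned) dev=<dev> len=<n>"
    if PROTO_RE.match(msg):
        return "PROTO=<n> <src>:<port> <dst>:<port>"
    return msg

def triage(lines, per_second_threshold=3):
    """Return (noisy, flows): noisy maps each template whose count in some
    single second reached the threshold to that peak count; flows counts
    (proto, src, sport, dst, dport) tuples taken from PROTO= records."""
    per_second = defaultdict(Counter)
    flows = Counter()
    for line in join_wrapped(lines):
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a syslog record; nothing to classify
        msg = m.group("msg")
        per_second[m.group("ts")][template(msg)] += 1
        p = PROTO_RE.match(msg)
        if p:
            flows[(p["proto"], p["src"], p["sport"], p["dst"], p["dport"])] += 1
    peak = Counter()
    for counts in per_second.values():
        for tmpl, n in counts.items():
            peak[tmpl] = max(peak[tmpl], n)
    noisy = {t: n for t, n in peak.items() if n >= per_second_threshold}
    return noisy, flows

# Sample input: a subset of the lines quoted in the post, wrapped as they appear there.
SAMPLE_LINES = """\
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=74
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=69
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=58
Dec  9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58
S=0x00 I=14180 F=0x4000 T=64
""".splitlines()

if __name__ == "__main__":
    noisy, flows = triage(SAMPLE_LINES)
    for tmpl, n in sorted(noisy.items(), key=lambda kv: -kv[1]):
        print(f"{n:4d}/s  {tmpl}")
    for flow, n in flows.most_common():
        print(f"{n:4d}x   proto={flow[0]} {flow[1]}:{flow[2]} -> {flow[3]}:{flow[4]}")
```

Run against a real /var/log/messages with `triage(open(path).readlines())` after stripping newlines; the per-template peak tells you whether the flood is a kernel debug option that should be switched off in the build (as it turned out to be here) or a single flow worth looking at, and the flow table shows the latter directly. The join step matters: without it the wrapped second half of each PROTO= record is silently counted as an unparseable line and the flow counts come out low.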
