Re: [fw-wiz] Weird FW bridge stuff (Linux)
From: Chris Ditri (chrisd_at_better-investing.org)
Date: 12/10/03
- Previous message: Sloane, David: "[fw-wiz] RE:[fw-wiz]: unable to ping behind the firewall"
- In reply to: Chris Ditri: "[fw-wiz] Weird FW bridge stuff (Linux)"
- Next in thread: Lorens Kockum: "Re: [fw-wiz] Weird FW bridge stuff (Linux)"
To: firewall-wizards@honor.icsalabs.com
Date: Wed, 10 Dec 2003 15:58:43 -0500
Thanks for the input, guys.
I had reconfigured my kernel to turn off debugging -- but I forgot to copy the
bzImage -- so I was still using the old image (whoops).
That seemed to clear up the log problem.
I still don't know why 2.4.23 ignores my iptables commands...
Thanks again.
Chris
On Tuesday 09 December 2003 03:51 pm, Chris Ditri wrote:
> Hello.
>
> I have set up a Linux Ethernet bridge/firewall. Everything seemed to be
> working pretty well, until one day I found that my /var/log/messages was
> filled up with 14 gigabytes of this junk:
>
> Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
> Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=74
> Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
> Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=69
> Dec 9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 S=0x00 I=7745 F=0x4000 T=50
> Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
> Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=69
> Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
> Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
> Dec 9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 S=0x00 I=7745 F=0x4000 T=50
> Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
> Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
> Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
> Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
> Dec 9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 S=0x00 I=7745 F=0x4000 T=50
> Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
> Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
> Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
> Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=58
> Dec 9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 S=0x00 I=14180 F=0x4000 T=64
> Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
> Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=58
> Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
> Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
> Dec 9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 S=0x00 I=14180 F=0x4000 T=64
> Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
> Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58
> Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
> Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
> Dec 9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 S=0x00 I=14180 F=0x4000 T=64
> Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
> Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58
>
> I did some poking around, and I heard that this was because of a bug in the
> 2.4.19 version of this software (patch for the kernel). So I downloaded
> and compiled the kernel in 2.4.23 -- with the same exact config file. All
> of a sudden none of my iptables rules are having any influence on
> traffic! Bye-bye firewall...
>
> I tried to apply the patch to my 2.4.23 kernel, but it fails. I cannot
> find this version of a bridge patch for 2.4.23 anywhere. I have read that
> people have gotten this sort of thing working with kernel 2.4.20 and up --
> but no reference as to what they had to do to get it working right.
>
> What can I do?
>
> Thanks!
>
> Chris
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
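As an added illustration (not part of the original thread, and not code from the kernel or from the bridge-nf patch): a small Python parser for the nf_hook / skb / PROTO debug lines quoted above. It pairs each "hook N already set" line with the skb line that follows it, so the same packet can be seen hitting both the bridge hook chain (pf=7, PF_BRIDGE) and the IP hook chain (pf=2, PF_INET) on its way through br0; tallies the address/port flows from the PROTO lines; and flags any second whose line count reaches a threshold, which is the sort of check you would run on a /var/log/messages that has grown by gigabytes. The pairing rule and the flood threshold are my assumptions; the sample input is an excerpt of the log quoted in the post, with the mail-wrapped PROTO lines rejoined as syslog writes them.

```python
import re
from collections import Counter

# Linux protocol-family numbers seen in the "skb: pf=N" lines.
PF_INET, PF_BRIDGE = 2, 7
PF_NAMES = {PF_INET: "PF_INET", PF_BRIDGE: "PF_BRIDGE"}
# Netfilter hook indices in 2.4; NF_IP_* and NF_BR_* use the same numbering.
HOOK_NAMES = {0: "PRE_ROUTING", 1: "LOCAL_IN", 2: "FORWARD",
              3: "LOCAL_OUT", 4: "POST_ROUTING"}

SYSLOG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
HOOK_RE = re.compile(r"^nf_hook: hook (?P<hook>\d+) already set\.$")
SKB_RE = re.compile(r"^skb: pf=(?P<pf>\d+) \((?P<owner>\w+)\) dev=(?P<dev>\S+) len=(?P<len>\d+)$")
PROTO_RE = re.compile(
    r"^PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x[0-9a-f]+ I=\d+ F=0x[0-9a-f]+ T=(?P<ttl>\d+)$")

# Sample input: an excerpt of the log quoted in the post. The PROTO lines were
# wrapped by the mailer; syslog writes each as one line, so they are rejoined.
SAMPLE_LOG = """\
Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=74
Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=69
Dec 9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 S=0x00 I=7745 F=0x4000 T=50
Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=69
Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
Dec 9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 S=0x00 I=7745 F=0x4000 T=50
Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
Dec 9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 S=0x00 I=7745 F=0x4000 T=50
Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=58
Dec 9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 S=0x00 I=14180 F=0x4000 T=64
Dec 9 15:47:55 kronos nf_hook: hook 0 already set.
Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=58
Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
Dec 9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 S=0x00 I=14180 F=0x4000 T=64
Dec 9 15:47:55 kronos nf_hook: hook 2 already set.
Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58
Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
Dec 9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
Dec 9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 S=0x00 I=14180 F=0x4000 T=64
Dec 9 15:47:55 kronos nf_hook: hook 4 already set.
Dec 9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58
"""


def parse_line(line):
    """Return a dict for one syslog line, or None if it is not a syslog line."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "kind": "other"}
    msg = m["msg"]
    if (h := HOOK_RE.match(msg)):
        rec.update(kind="hook", hook=int(h["hook"]))
    elif (s := SKB_RE.match(msg)):
        rec.update(kind="skb", pf=int(s["pf"]), dev=s["dev"], len=int(s["len"]))
    elif (p := PROTO_RE.match(msg)):
        rec.update(kind="proto", proto=int(p["proto"]), src=p["src"],
                   sport=int(p["sport"]), dst=p["dst"], dport=int(p["dport"]),
                   ttl=int(p["ttl"]))
    return rec


def summarize(text, flood_threshold=20):
    """Tally hook hits by protocol family, address/port flows, and the seconds
    whose line count reaches flood_threshold (an assumed cut-off, not from the post)."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    per_second = Counter(r["ts"] for r in recs)
    # Assumption from the log layout: each "hook N already set" line is followed
    # by the skb line for the same packet, so pairing them tells which chain
    # (bridge or IP) the hook fired in.
    hooks = Counter(
        (PF_NAMES.get(s["pf"], s["pf"]), HOOK_NAMES.get(h["hook"], h["hook"]))
        for h, s in zip(recs, recs[1:])
        if h["kind"] == "hook" and s["kind"] == "skb")
    flows = Counter((r["src"], r["sport"], r["dst"], r["dport"])
                    for r in recs if r["kind"] == "proto")
    flood = [ts for ts, n in per_second.items() if n >= flood_threshold]
    return {"records": len(recs), "per_second": dict(per_second),
            "hooks": dict(hooks), "flows": dict(flows), "flood": flood}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key in ("records", "per_second", "hooks", "flows", "flood"):
        print(key, report[key])
```

To run it against a real log, call summarize(open("/var/log/messages").read()) with a threshold that suits the box; on the excerpt above, every one of the 32 records lands in the same second and each packet shows up in both the PF_BRIDGE and the PF_INET chains, which is exactly the bridge-plus-iptables traversal the poster was relying on before the 2.4.23 rebuild.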