Re: IPtables doubt !!!

From: Paul Bryan (pa_bryan@yahoo.co.uk)
Date: 11/06/02


From: Paul Bryan <pa_bryan@yahoo.co.uk>
Date: Wed, 6 Nov 2002 11:51:21 +1100
To: security-discuss@linuxsecurity.com, Tiago Fioreze <tapera@inf.ufsm.br>


On Wed, 6 Nov 2002 00:39, you wrote:
> Hi Paul !
>
> The distribution is: RedHat 7.2.

Have you configured iptables with the config file /etc/sysconfig/iptables?
This is the RedHat way of doing it, and unless you have a specific reason not
to, you may as well do it that way too.

> The following messages I got in /var/log/messages:
>
> Nov 1 04:57:34 rock kernel: IN=eth0 OUT=eth1 SRC=200.18.42.50
> DST=80.135.20.116 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29866 DF PROTO=TCP
> SPT=1051 DPT=4661 WINDOW=16384 RES=0x00 SYN URGP=0

So that's a log from iptables...

> ---> Power down probably in this moment.

Do you power it down, or is it crashing?

> Nov 1 05:43:38 rock syslogd 1.4.1: restart.
> Nov 1 05:43:42 rock kernel: Receiver lock-up workaround activated.
> Nov 1 05:43:42 rock kernel: eth1: OEM i82557/i82558 10/100 Ethernet,
> 00:04:AC:E6:59:73, IRQ 10.

This is odd... Syslog restarts and then your ethernet modules get loaded. If
this was on startup you should see a lot more stuff between the first two
lines. Why is the ethernet module getting reloaded here? Have you got
something in a cron job maybe?

> Nov 1 05:43:42 rock kernel: Receiver lock-up bug exists -- enabling work-around.
> Nov 1 05:43:42 rock kernel: Board assembly 698523-001,
> Physical connectors present: RJ45
> Nov 1 05:43:42 rock kernel: Primary interface chip i82555 PHY #1.
> Nov 1 05:43:42 rock kernel: General self-test: passed.
> Nov 1 05:43:42 rock kernel: Serial sub-system self-test: passed.
> Nov 1 05:43:42 rock kernel: Internal registers self-test: passed.
> Nov 1 05:43:42 rock kernel: ROM checksum self-test: passed (0x24c9f043).
> Nov 1 05:43:42 rock kernel: Receiver lock-up workaround activated.
> Nov 1 05:43:42 rock kernel: eepro100.c:v1.09j-t 9/29/99 Donald Becker
> http://www.scyld.com/network/eepro100.html
> Nov 1 05:43:42 rock kernel: eepro100.c: $Revision: 1.36 $ 2000/11/17
> Modified by Andrey V. Savochkin <saw@saw.sw.com.sg> and others
> Nov 1 05:43:42 rock kernel: eth0: OEM i82557/i82558 10/100 Ethernet,
> 00:04:AC:E6:5E:5F, IRQ 11.
> Nov 1 05:43:42 rock kernel: Receiver lock-up bug exists -- enabling work-around.
> Nov 1 05:43:42 rock kernel: Board assembly 698523-001,
> Physical connectors present: RJ45
> Nov 1 05:43:42 rock kernel: Primary interface chip i82555 PHY #1.
> Nov 1 05:43:42 rock kernel: General self-test: passed.
> Nov 1 05:43:42 rock kernel: Serial sub-system self-test: passed.
> Nov 1 05:43:42 rock kernel: Internal registers self-test: passed.
> Nov 1 05:43:42 rock kernel: ROM checksum self-test: passed (0x24c9f043).
> Nov 1 05:43:42 rock kernel: ip_tables: (C) 2000-2002 Netfilter core team
> Nov 1 05:43:42 rock kernel: ip_conntrack (768 buckets, 6144 max)
> -----> THE PROBLEM: Nov 1 05:44:38 my_firewall iptables: Aplicar as
> regras de 'firewall' do iptables: failed
> [Portuguese: "Applying the iptables 'firewall' rules: failed"]

If you do an 'lsmod' here, does it show the iptables module loaded? Does it
show ipchains?

After this fails how are you starting iptables?

Also, what is "my_firewall iptables:" - is that from some script? I haven't seen
that one before. Are you maybe using a firewall tool to configure iptables?

Okay, I know there are more questions than answers here but the more info the
better.

Cheers,
Paul.

PS.
I've also posted this back to the security list, which you should probably do as
well rather than mailing me directly. Many eyes make light work!
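The triage Paul asks for above (is that /var/log/messages line an iptables LOG hit, is ipchains loaded instead of ip_tables, and what does the RedHat-style /etc/sysconfig/iptables look like), worked through as an editor-added shell example. This is not code from Paul's reply, from Tiago, or from RedHat. The log line is the one quoted in the thread with the encoding debris removed; the two lsmod listings and the rule file are constructed for illustration, and the remediation commands are an assumed sequence using the RedHat 7.x `service` and `chkconfig` tools.

```shell
# Editor-added example, not from the thread or from RedHat.  All sample data
# below is constructed: the LOG line is the one quoted in the mail (decoded),
# the lsmod listings are made up to show the two module states.

# Constructed: the iptables LOG line quoted in the mail.
SAMPLE_LOG='Nov 1 04:57:34 rock kernel: IN=eth0 OUT=eth1 SRC=200.18.42.50 DST=80.135.20.116 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29866 DF PROTO=TCP SPT=1051 DPT=4661 WINDOW=16384 RES=0x00 SYN URGP=0'

# Constructed lsmod output: ipchains resident.  On a 2.4 kernel ip_tables and
# ipchains cannot be loaded together, so "service iptables start" fails here.
SAMPLE_LSMOD_CONFLICT='Module                  Size  Used by
ipchains               39616   0  (unused)
eepro100               20816   2'

# Constructed lsmod output: a healthy iptables host.
SAMPLE_LSMOD_OK='Module                  Size  Used by
ipt_LOG                 4128   1  (autoclean)
ip_conntrack           21200   1  [ipt_state]
ip_tables              14400   4  [ipt_LOG ipt_state]
eepro100               20816   2'

# ipt_log_field LINE KEY -> value of "KEY=" in a LOG line, empty if absent.
ipt_log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# is_ipt_log LINE -> 0 when the line has the IN=/OUT=/SRC=/DST= shape that
# the LOG target writes (rules out the eepro100 and syslogd lines).
is_ipt_log() {
    case "$1" in
        *" IN="*" OUT="*" SRC="*" DST="*) return 0 ;;
        *) return 1 ;;
    esac
}

# describe_ipt_log LINE -> "CHAIN PROTO src:spt -> dst:dpt (in -> out)".
# Both IN and OUT set means the packet was being routed, i.e. FORWARD chain.
describe_ipt_log() {
    is_ipt_log "$1" || { echo "not an iptables LOG line"; return 1; }
    in_if=$(ipt_log_field "$1" IN);   out_if=$(ipt_log_field "$1" OUT)
    src=$(ipt_log_field "$1" SRC);    spt=$(ipt_log_field "$1" SPT)
    dst=$(ipt_log_field "$1" DST);    dpt=$(ipt_log_field "$1" DPT)
    proto=$(ipt_log_field "$1" PROTO)
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then chain=FORWARD
    elif [ -n "$in_if" ]; then chain=INPUT
    elif [ -n "$out_if" ]; then chain=OUTPUT
    else chain=UNKNOWN; fi
    echo "$chain $proto $src:$spt -> $dst:$dpt ($in_if -> $out_if)"
}

# netfilter_module_state LSMOD_TEXT -> conflict | iptables | none
netfilter_module_state() {
    if printf '%s\n' "$1" | awk '$1 == "ipchains" {found=1} END {exit !found}'; then
        echo conflict
    elif printf '%s\n' "$1" | awk '$1 == "ip_tables" {found=1} END {exit !found}'; then
        echo iptables
    else
        echo none
    fi
}

# fix_for_state STATE -> RedHat 7.x commands for that state (assumed sequence,
# not from the thread; "service" and "chkconfig" are the RedHat tools).
fix_for_state() {
    case "$1" in
        conflict) echo 'service ipchains stop && chkconfig ipchains off && rmmod ipchains && service iptables start' ;;
        none)     echo 'service iptables start' ;;
        iptables) echo 'iptables -L -n -v' ;;
        *)        echo "unknown state: $1" >&2; return 1 ;;
    esac
}

# sysconfig_iptables_example -> an /etc/sysconfig/iptables in iptables-save
# format (what "service iptables start" restores) whose FORWARD LOG rule
# would write a line like SAMPLE_LOG for routed TCP/4661.  Assumed rules.
sysconfig_iptables_example() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp --dport 4661 -j LOG
-A FORWARD -i eth0 -o eth1 -p tcp --dport 4661 -j DROP
COMMIT
EOF
}

# Stand-alone demo; on the live box replace the samples with "$(lsmod)" and
# a grep for ' IN=' in /var/log/messages.
describe_ipt_log "$SAMPLE_LOG"
state=$(netfilter_module_state "$SAMPLE_LSMOD_CONFLICT")
echo "modules: $state -> $(fix_for_state "$state")"
```

The field parser deliberately keys on the `IN=`/`OUT=` pair rather than the word "kernel", since the eepro100 and ip_conntrack lines in the same log are also kernel messages; a present-but-empty `OUT=` is what distinguishes an INPUT-chain hit from the routed FORWARD hit shown here.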

-------------------------------------------------------

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.