From: "Walter Dnes"
Date: Mon, 18 Sep 2006 20:53:51 -0400
To: Gentoo Users List
Subject: [gentoo-user] Help, iptables logging to current console
Message-ID: <20060919005351.GA20328@waltdnes.org>

I'm temporarily on dialup after my ADSL router/modem died. The ADSL router/modem used to drop all the garbage aimed at my ports 135, 445, 1434, etc. Iptables never saw it. Now that I'm on dialup, iptables does see the garbage, and so do I, on my current console...

IN=ppp0 OUT= MAC= SRC=208.65.244.98 DST=208.65.247.240 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=33631 DF PROTO=TCP SPT=3961 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=208.65.244.98 DST=208.65.247.240 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=35461 DF PROTO=TCP SPT=1042 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=208.65.244.98 DST=208.65.247.240 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=35677 DF PROTO=TCP SPT=1042 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0

The line in /var/lib/iptables/rules-save that triggers this is...

-A TCP_IN -p tcp -m tcp --dport 0:1023 -j DROP_LOG

And the DROP_LOG rules are...

-A DROP_LOG -j LOG --log-level 6
-A DROP_LOG -j DROP

In the past, I did not have this problem when on dialup. I expect to be back up on ADSL tomorrow evening, but I do want this solved. The most recent change on my system was the upgrade to gcc 4.1.1, and the accompanying rebuild of system and world, a few days ago.

-- 
Walter Dnes
In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
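
Added example, not part of the original message: a check of which LOG rules in a rules-save file will also appear on the console, using the kernel rule that a message is printed there when its level is numerically lower than the console loglevel (first field of /proc/sys/kernel/printk). The function names are hypothetical, the console loglevel of 7 is a constructed sample value, and a LOG rule without --log-level is treated as warning (4), the target's default.

```sh
#!/bin/sh
# Added example: list the LOG rules in an iptables-save dump whose messages
# the kernel will also print on the console. Function names are hypothetical.

# Map an iptables --log-level value (number or name) to a numeric priority.
level_to_num() {
    case "$1" in
        [0-7]) echo "$1" ;;
        emerg|panic) echo 0 ;;
        alert) echo 1 ;;
        crit) echo 2 ;;
        err|error) echo 3 ;;
        warn|warning) echo 4 ;;
        notice) echo 5 ;;
        info) echo 6 ;;
        debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# console_log_rules RULES_FILE CONSOLE_LOGLEVEL
# Prints every "-j LOG" rule whose priority is numerically below
# CONSOLE_LOGLEVEL, which is the kernel's condition for console output.
console_log_rules() {
    rules=$1
    console=$2
    grep -E -e '-j LOG( |$)' "$rules" | while IFS= read -r line; do
        lvl=$(printf '%s\n' "$line" |
            sed -n 's/.*--log-level[[:space:]]\{1,\}\([a-z0-9]\{1,\}\).*/\1/p')
        [ -n "$lvl" ] || lvl=4      # LOG target default: warning
        num=$(level_to_num "$lvl") || continue
        if [ "$num" -lt "$console" ]; then
            printf '%s\n' "$line"
        fi
    done
}

# The rules quoted in the message, checked against a constructed console
# loglevel of 7. On a live system: cut -f1 /proc/sys/kernel/printk
sample=$(mktemp)
cat > "$sample" <<'EOF'
-A TCP_IN -p tcp -m tcp --dport 0:1023 -j DROP_LOG
-A DROP_LOG -j LOG --log-level 6
-A DROP_LOG -j DROP
EOF
console_log_rules "$sample" 7
rm -f "$sample"
```

With a console loglevel of 6 or lower the same rule is still logged through the kernel ring buffer and syslog but no longer written to the console.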