* [gentoo-user] Shorewall config problem
@ 2015-05-06 15:20 Peter Humphrey
2015-05-10 9:17 ` [gentoo-user] Shorewall config problem [SOLVED] Peter Humphrey
From: Peter Humphrey @ 2015-05-06 15:20 UTC
To: gentoo-user
Hello list,
I've recently installed a new ADSL modem, and now I'm trying to get it to log
to my LAN server. The modem seems to be sending log messages but Shorewall is
dropping them at the server.
I have the following:
# grep Syslog /etc/shorewall/rules
Syslog(ACCEPT) net:192.168.1.1 $FW
192.168.1.1 is the ADSL modem, the syslog-ng client.
# cat /usr/share/shorewall/macro.Syslog
?FORMAT 2
PARAM - - udp 514
PARAM - - tcp 514
<snipped comments>
And yet:
# shorewall show log
Shorewall 4.6.6.2 Log (/var/log/messages) at serv - Wed 6 May 15:52:43 BST
2015
Counters reset Wed 6 May 14:39:52 BST 2015
May 6 15:34:52 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2
LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964
DPT=514 LEN=37
May 6 15:35:37 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2
LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964
DPT=514 LEN=101
May 6 15:36:57 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2
LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964
DPT=514 LEN=37
May 6 15:38:10 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2
LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964
DPT=514 LEN=63
May 6 15:38:11 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2
LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964
DPT=514 LEN=63
May 6 15:38:11 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2
LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964
DPT=514 LEN=63
<snipped more similar entries>
Serv is the name of the syslog-ng server.
# grep Shorewall /var/log/messages
--->8
May 6 15:38:11 serv kernel: Shorewall:net-fw:DROP:IN=eth0 OUT=
MAC=70:71:bc:94:ee:71:bc:ee:7b:61:8b:60:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
SPT=32964 DPT=514 LEN=63
--->8
Ifconfig shows 70:71:bc:94:ee:71 as the MAC address of the server's one
Ethernet interface.
/etc/shorewall/rules has several more rules, all of which do their jobs, e.g.:
Squid(ACCEPT) net:192.168.1.3 $FW
Squid(ACCEPT) net:192.168.1.6 $FW
SSH(ACCEPT) net:192.168.1.3 $FW
SSH(ACCEPT) net:192.168.1.6 $FW
Where's the inconsistency? If the Squid and SSH rules work, why doesn't the
Syslog rule?
Or are the extra 8 bytes in the MAC address the problem? Of course I can't
change the format of the modem's output, so in that case I'll need to tell
Shorewall to ignore them - is that possible?
Can someone shed some light on this, please?
--
Rgds
Peter
* Re: [gentoo-user] Shorewall config problem [SOLVED]
2015-05-06 15:20 [gentoo-user] Shorewall config problem Peter Humphrey
@ 2015-05-10 9:17 ` Peter Humphrey
From: Peter Humphrey @ 2015-05-10 9:17 UTC
To: gentoo-user
On Wednesday 06 May 2015 16:20:19 I wrote:
> I've recently installed a new ADSL modem, and now I'm trying to get it to
> log to my LAN server. The modem seems to be sending log messages but
> Shorewall is dropping them at the server.
--->8
It seems I had missed something in the kernel configuration. I can't say what
exactly because I added several options (life's too short to go through all
the network options one at a time).
So now, Shorewall is not dropping syslog packets, and syslog-ng is logging
correctly. This is my /etc/syslog-ng/syslog-ng.conf:
----------------
@version: 3.6
@include "scl.conf"
options {
    threaded(yes);
    chain_hostnames(no);
    stats_freq(43200);
    mark_freq(0);
};
source src { system(); internal(); };
source s_remote { udp (ip(192.168.1.2) port(514) ); };
filter f_cron { facility (cron); };
filter f_ncron { not facility (cron); };
destination d_remote { file("/var/log/remote"); };
destination d_cron { file("/var/log/cron"); };
destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
log { source(src); filter(f_cron); destination(d_cron); };
log { source(src); filter(f_ncron); destination(messages); };
log { source(src); filter(f_ncron); destination(console_all); };
log { source(s_remote); destination(d_remote); };
----------------
I hope that will be useful to someone.
--
Rgds
Peter