Yep: I have ipt_LOG loaded (actually compiled into the kernel) and not
ipt_ULOG. So the only thing I'm getting in my kernel log is:
Jul 17 04:02:07 rulhm2 kernel: INVALID packet: IN=eth0 OUT=
MAC=00:01:02:05:1d:25:00:01:03:d2:b8:75:08:00 SRC=132.229.96.110
DST=132.229.96.12 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56700 DF PROTO=TCP
SPT=54858 DPT=445 WINDOW=5840 RES=0x00 ACK FIN URGP=0
(But of course this also is shown when
/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid = 0 )
Jozsef Kadlecsik wrote:
On Mon, 17 Jul 2006, Arno van Amersfoort wrote:
Jozsef Kadlecsik wrote:
On Thu, 13 Jul 2006, Arno van Amersfoort wrote:
Just did some more investigation. Didn't test with tcpdump yet as this
issue is not reproducable easiely :-S Anyway it turns out that the
packets shown have state "INVALID" (opposed to ESTABLISHED or NEW). So
somehow iptables "thinks" they no longer belong to a connection
(somehow)....
If you enabled logging invalid packets, then the kernel would produce log
lines why those packets were categorized as INVALID.
I've tried enabling this option but nothing shows up in my kernel log.
I'd expect it to appear in loglevel kern.* right ?
That's right. You have got the kernel module ipt_LOG loaded in (and
ipt_ULOG doesn't), don't you?
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
--
Ing. A.C.J. van Amersfoort (Arno)
Department Of Electronics (ELD, k1007)
Huygens Laboratory
Leiden University
P.O. Box 9504
Niels Bohrweg 2
2333 CA Leiden
The Netherlands
----------------------------------------------------------------
Phone : +31-(0)71-527.1894 Fax: +31-(0)71-527.5819
E-mail: a.c.j.van.amersfoort@xxxxxxxxxxxxxxxxxxxxxxxxx
----------------------------------------------------------------
Arno's (Linux firewall) homepage: http://rocky.eld.leidenuniv.nl
