Burke, Thomas G. wrote:
I cannot answer you question, as I am still using ipchains. However,
10.255.255.255 is the broadcast address for the 10.x.x.x series of
networks. IIUC, 10.1.5.8 is broadcasting to the 10.x.x.x network that
the service on port 631 is available. It appears to be receiving
something from 10.1.4.238 (a different network) that is an invalid
packet. Of course, it's been a long while since I've looked at this
sort of thing, so I may be full of horse hockey.
-Tom
-----Original Message-----
My RHEL ES4 box is behind a firewall. I have it set up as a CUPS print
server. I noticed that I was getting this in my logwatch output (when
Detail is set to Low):
--------------------- Kernel Begin ------------------------
From 10.1.5.58 - 2764 packets to udp(631)
---------------------- Kernel End -------------------------
My box IS 10.1.5.58. It looked like iptables on my box was stopping
packets from itself, so I bumped up the detail to Med, and got this:
--------------------- Kernel Begin ------------------------
From 10.1.5.58 - 2777 packets
To 10.255.255.255 - 2777 packets
Service: ipp (udp/631) (INPUT packet died:,eth0,none) - 2777
packets
---------------------- Kernel End -------------------------
This is a typical /var/log/message entry:
Could anyone tell me (or point me to a link that explains) why iptables
is doing this. It occurred to me that the print server might be badly
configured, but I am able to use it to print from other computers on our
network. And, there is no 10.255.255.255 box on the network.
Sorry. I cut and pasted the wrong packet. This is a better example:
Aug 11 03:07:14 mach2 kernel: INPUT packet died: IN=eth0 OUT= MAC=
SRC=10.1.5.58 DST=10.255.255.255 LEN=175 TOS=0x00 PREC=0x00 TTL=64
ID=1832 DF PROTO=UDP SPT=631 DPT=631 LEN=155
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
