Hi all, I have Debian on a firewall which until now has only needed SSH access. Now I need to be able to use a monitor and can't because of errant logging appearing continuously on the screen.
This is what appears:

Jun 5 15:53:32 enterprise kernel: catch-allIN=ppp0 OUT= MAC= SRC=64.19.48.6 DST=217.36.12.107 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=5038 DF PROTO=TCP SPT=52451 DPT=6347 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)

It's a continuous stream of info. If anyone can tell me what the problem is or where to start looking I'd be grateful. My firewall rule-set is attached in case that's the problem.

Thanks.

--
Patrick

"Faced with the choice between changing one's mind and proving that there is no need to do so, almost everyone gets busy on the proof." - John Kenneth Galbraith
#!/bin/sh
# PATH and modules
PATH=/sbin:$PATH; export PATH
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe iptable_nat

# Change to your hostname
hostname=zulfiqar

# Don't touch this
any="0.0.0.0/0.0.0.0"

# Flush things
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X

## Create chain which blocks new connections, except if coming from inside.
iptables -N block
iptables -N DLOG

# Log and drop packets the connection tracker marks INVALID
# (out-of-state TCP segments and the like; not a source-address check).
iptables -A block -m state --state INVALID -j DLOG

# Continuations
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow services on lo in entirety - Squirrelmail, etc. need this.
iptables -A block -s 127.0.0.1/32 -i lo -j ACCEPT

# Allow LAN on eth0 in entirety - assuming the LAN consists
# of trusted users only. Otherwise use the Internet rules for
# the LAN with exceptions for your machine.
iptables -A block -s 192.168.0.0/24 -i eth0 -j ACCEPT

# FTP
iptables -A block -p tcp --destination-port 21 -j ACCEPT

# Open ssh port - there are no circumstances in which denying
# yourself ssh access is a good idea.
iptables -A block -p tcp --destination-port 22 -j ACCEPT

# Open httpd port, if you run websites
iptables -A block -p tcp --destination-port 80 -j ACCEPT

# Open imapd port, if you provide IMAP mail service.
iptables -A block -p tcp --destination-port 143 -j ACCEPT

# Open gnutella port - I need this for my URL from gnutella to work
iptables -A block -p tcp --destination-port 6346 -j ACCEPT

# Catch-all
iptables -A block -j DLOG

# The DLOG (drop+log) chain. The prefix ends in a space so that it does
# not run straight into the IN= field of the logged line.
iptables -A DLOG -j LOG --log-prefix "catch-all " --log-tcp-options \
    --log-ip-options
iptables -A DLOG -j DROP

## Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block

## Set up masquerading - sharing my ADSL connection.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

## Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
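A small triage helper for the log format quoted above, added here as an example; it is not part of Patrick's post or his ruleset. The netfilter LOG target writes one `key=value` record per packet after the `--log-prefix`, and the quoted line shows the prefix `catch-all` running straight into `IN=` because the prefix has no trailing space. The parser below splits the prefix from the fields, keeps the first of any repeated key (UDP lines carry a second `LEN=` for the datagram), collects the TCP flag tokens, and tallies dropped packets by protocol and destination port, which is the quickest way to see what is hitting the catch-all. The sample log is constructed: the first line is the one quoted in the post, the rest are made up in the same format, including one non-netfilter syslog line that the parser must skip.

```python
"""Parse netfilter LOG-target lines and tally what the catch-all chain drops.

Added example, not code from the original post or ruleset.
"""
import re
from collections import Counter

# Constructed sample log. Line 1 is the line quoted in the post; the others
# are made up in the same format, plus one sshd line that is not netfilter.
SAMPLE_LOG = """\
Jun 5 15:53:32 enterprise kernel: catch-allIN=ppp0 OUT= MAC= SRC=64.19.48.6 DST=217.36.12.107 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=5038 DF PROTO=TCP SPT=52451 DPT=6347 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jun 5 15:53:33 enterprise kernel: catch-allIN=ppp0 OUT= MAC= SRC=198.51.100.23 DST=217.36.12.107 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4411 DF PROTO=TCP SPT=1034 DPT=6347 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 5 15:53:35 enterprise kernel: catch-allIN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=217.36.12.107 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=61002 DF PROTO=TCP SPT=3107 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 5 15:53:36 enterprise kernel: catch-allIN=ppp0 OUT= MAC= SRC=203.0.113.5 DST=217.36.12.107 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=UDP SPT=53 DPT=1027 LEN=56
Jun 5 15:53:37 enterprise sshd[1234]: Accepted publickey for patrick from 192.168.0.10 port 50000 ssh2
"""

# syslog timestamp, host, "kernel:", then the netfilter record (must contain IN=)
KERNEL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*IN=.*)$"
)
# one key=value field; the value may be empty (OUT= and MAC= on input packets)
FIELD_RE = re.compile(r"(\w+)=(\S*)")
# bare tokens netfilter emits for TCP flags and the IP don't-fragment bit
FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}


def parse_line(line):
    """Return a dict for a netfilter LOG line, or None for any other line."""
    m = KERNEL_RE.match(line)
    if not m:
        return None
    # Everything before the first IN= is the --log-prefix text, whatever it is.
    prefix, _, fields = m.group("rest").partition("IN=")
    fields = "IN=" + fields
    rec = {"ts": m.group("ts"), "host": m.group("host"), "prefix": prefix}
    for key, val in FIELD_RE.findall(fields):
        # Keep the first occurrence: on UDP lines the first LEN= is the IP
        # total length and the second is the UDP length.
        rec.setdefault(key, val)
    rec["flags"] = [tok for tok in fields.split() if tok in FLAG_TOKENS]
    return rec


def prefix_needs_space(rec):
    """True when --log-prefix ran into IN=, as in the post's 'catch-allIN=ppp0'."""
    return bool(rec["prefix"]) and not rec["prefix"].endswith(" ")


def summarize(log_text):
    """Parse all netfilter lines; return (records, Counter of (PROTO, DPT))."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    hits = Counter((r.get("PROTO"), r.get("DPT")) for r in records)
    return records, hits


if __name__ == "__main__":
    records, hits = summarize(SAMPLE_LOG)
    for (proto, dpt), n in hits.most_common():
        print(f"{n:4d}  {proto} dpt={dpt}")
    if records and prefix_needs_space(records[0]):
        p = records[0]["prefix"]
        print(f'note: prefix {p!r} has no trailing space; use --log-prefix "{p} "')
```

Parsing only helps with triage; it does not change where the kernel sends the messages. As a general point about the LOG target rather than anything stated in the post: it logs at priority warning unless `--log-level` is given, and the kernel echoes to the console every message whose priority is below the current console log level, which is what puts lines like these on a monitor; `dmesg -n` lowers that level without touching what syslog records.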