[Shorewall-users] Lot's of annoying ICMP-messages in iptables logs

Ad Koster lidad at zeelandnet.nl
Fri Jan 9 20:38:49 PST 2004


On Fri, 2004-01-09 at 19:58, Tom Eastep wrote:
> On Friday 09 January 2004 10:58 am, Ad Koster wrote:
> > On Fri, 2004-01-09 at 19:17, Tom Eastep wrote:
> > > On Friday 09 January 2004 10:05 am, Tom Eastep wrote:
> > > > On Friday 09 January 2004 09:29 am, Ad Koster wrote:
> > > > > The last couple of weeks I notice a lot of annoying ICMP-messages in
> > > > > my firewall logs:
> > > > >
> > > > > Shorewall:net2all:DROP:IN=eth0 OUT=
> > > > > MAC=ff:ff:ff:ff:ff:ff:00:50:bf:d6:ce:f9:08:00 SRC=0.0.0.0 DST=0.0.0.0
> > > > > LEN=56 TOS=0x00 PREC=0x00 TTL=250 ID=34038 PROTO=ICMP TYPE=11 CODE=0
> > > > > [SRC=0.0.0.0 DST=62.238.196.17 LEN=56 TOS=0x00 PREC=0x00 TTL=1
> > > > > ID=54335 PROTO=ICMP TYPE=3 CODE=2 INCOMPLETE [8 bytes] ]
> > > > >
> > > > > Could this be some kind of attack (ICMP 3 Code 2 = protocol
> > > > > unreachable), what is your opinion?
> > > >
> > > > What does 'ip addr ls eth0' show on your firewall? Also 'shorewall show
> > > > nat'?
> > >
> > > Also, do you have 'norfc1918' enabled on eth0? If so, what does your
> > > /etc/shorewall/rfc1918 file have for 0.0.0.0/7?
> > >
> > > -Tom
> >
> > Tom
> >
> > My "/etc/shorewall/interfaces" looks like:
> >
> > net      eth0           detect          dhcp,routefilter,norfc1918,blacklist,tcpflags
> > loc      eth1           detect          dhcp
> >
> > And rfc1918 has the default value:
> >
> > 0.0.0.0/7               logdrop         # Reserved
> 
> Hmmm -- then I don't understand why the packet is being logged out of the 
> 'net2all' chain rather than the 'logdrop' chain....
> 
> -Tom

Tom, 

No, there are no non-default entries in my /etc/shorewall/rfc1918 file:

255.255.255.255         RETURN          # We need to allow limited broadcast
169.254.0.0/16          DROP            # DHCP autoconfig
172.16.0.0/12           logdrop         # RFC 1918
192.0.2.0/24            logdrop         # Example addresses (RFC 3330)
192.168.0.0/16          logdrop         # RFC 1918
#
# The following are generated with the help of the Python program found at:
#
#       http://www.shorewall.net/pub/shorewall/contrib/iana_reserved/
#
# The program was contributed by Andy Wiggin
#
0.0.0.0/7               logdrop         # Reserved
2.0.0.0/8               logdrop         # Reserved
5.0.0.0/8               logdrop         # Reserved
7.0.0.0/8               logdrop         # Reserved
10.0.0.0/8              logdrop         # Reserved
23.0.0.0/8              logdrop         # Reserved
27.0.0.0/8              logdrop         # Reserved


Ad Koster
lidad at zeelandnet.nl
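
The mismatch discussed in this message, as an added example that is not part of the original post or of Shorewall: it parses the quoted log entry (chain, disposition, outer header and the embedded ICMP payload) and looks up the outer source address in the quoted rfc1918 entries. It assumes the entries are evaluated top to bottom with the first match winning; the function names are hypothetical.

```python
import ipaddress
import re

# Entries copied from the rfc1918 file quoted in the message, order preserved.
RFC1918 = """\
255.255.255.255         RETURN          # We need to allow limited broadcast
169.254.0.0/16          DROP            # DHCP autoconfig
172.16.0.0/12           logdrop         # RFC 1918
192.0.2.0/24            logdrop         # Example addresses (RFC 3330)
192.168.0.0/16          logdrop         # RFC 1918
0.0.0.0/7               logdrop         # Reserved
2.0.0.0/8               logdrop         # Reserved
5.0.0.0/8               logdrop         # Reserved
7.0.0.0/8               logdrop         # Reserved
10.0.0.0/8              logdrop         # Reserved
23.0.0.0/8              logdrop         # Reserved
27.0.0.0/8              logdrop         # Reserved
"""

# The log entry from the message, with its wrapped lines joined.
LOG = ("Shorewall:net2all:DROP:IN=eth0 OUT= "
       "MAC=ff:ff:ff:ff:ff:ff:00:50:bf:d6:ce:f9:08:00 SRC=0.0.0.0 DST=0.0.0.0 "
       "LEN=56 TOS=0x00 PREC=0x00 TTL=250 ID=34038 PROTO=ICMP TYPE=11 CODE=0 "
       "[SRC=0.0.0.0 DST=62.238.196.17 LEN=56 TOS=0x00 PREC=0x00 TTL=1 "
       "ID=54335 PROTO=ICMP TYPE=3 CODE=2 INCOMPLETE [8 bytes] ]")

def parse_rules(text):
    """Return [(network, target), ...] from SUBNET/TARGET lines, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            subnet, target = line.split()[:2]
            rules.append((ipaddress.ip_network(subnet), target))
    return rules

def first_match(rules, addr):
    """First (subnet, target) containing addr, or None (assumed first-match order)."""
    ip = ipaddress.ip_address(addr)
    return next(((str(n), t) for n, t in rules if ip in n), None)

def parse_log(line):
    """Split a Shorewall log entry into chain, disposition, outer and embedded fields."""
    chain, disposition = re.match(r"Shorewall:([^:]+):([^:]+):", line).groups()
    outer, _, inner = line.partition("[")  # "[...]" holds the packet quoted by the ICMP error
    fields = lambda s: dict(re.findall(r"(\w+)=(\S*)", s))
    return chain, disposition, fields(outer), fields(inner)
```

For the quoted entry, the outer source 0.0.0.0 falls in 0.0.0.0/7 with target logdrop, while the log prefix names the net2all chain, which is the discrepancy Tom raises.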


