LinuxLists.cc - Log full of "ing_filter: fixed ippp2 out ippp2"

2005-03-09 20:15:09

Subject: Log full of "ing_filter: fixed ippp2 out ippp2"

Hello

Please cc all replies to me.

After upgrading my little NATting firewall/router from 2.6.7-ck4 to
2.6.10-gentoo-r6 my /var/log/messages is 15MB in size and most of it looks
like the text below. All traffic to the Internet seems to cause this.

"cat /var/log/messages | uniq | uniqmessages" results in a 3MB file. I use
syslog-ng.

Iptables setup script further down.

Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:15 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:16 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2
Mar 9 21:58:17 shadowgate ing_filter: fixed ippp2 out ippp2

My firewall setup looks like:

IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
DEPMOD=/sbin/depmod

EXTIF="ippp2"
INTIF="eth0"
KAKKOSIF="eth1"

$DEPMOD -a

$MODPROBE ip_tables

#$MODPROBE ip_conntrack
#In the kernel

$MODPROBE ip_conntrack_ftp
$MODPROBE iptable_nat
$MODPROBE ip_nat_ftp

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD

$IPTABLES -t nat -F

/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $KAKKOSIF -m state --state \
ESTABLISHED,RELATED -j ACCEPT # RJ-45

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
ESTABLISHED,RELATED -j ACCEPT # BNC segment

$IPTABLES -A FORWARD -i $KAKKOSIF -o $EXTIF -j ACCEPT # RJ-45
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT # BNC segment
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
$IPTABLES -A FORWARD -j LOG
exit 0

-Kimmo S.