
[cobalt-users] RAQ3 IPChains & Logcheck Error Messages - Major Help :<



Hi Yah,

Sorry this is a bit long but...

I've been happily running the server most of the morning with IPChains
implemented, and it looks like logcheck is doing its thing also... but I'm
getting an awful lot of the following errors, and I mean a lot... now when I
try to pull up any of my customers' sites this evening I either get DNS errors
(can't find web site) or "site may be having technical difficulty". Was wondering
if the server's getting bogged down with the logs, or if it's something to do
with IPChains, or the fact that the majority of these IPs are from the
colocation centre we're with???

Have tried connecting via SSH, no joy; tried connecting via FTP, no joy; GUI &
webmin won't pull up. I don't think I've locked myself out, or everyone, as
it's been running okay most of today and the script has been tried again and
again... (little whimper, help!)

Security Violations
=-=-=-=-=-=-=-=-=-=
Dec  8 16:22:18 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:4129 255.255.255.255:69 L=49 S=0x00 I=0 F=0x0000 T=255 (#58)
Dec  8 16:22:22 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:4129 255.255.255.255:69 L=49 S=0x00 I=1 F=0x0000 T=255 (#58)
Dec  8 16:22:26 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:4129 255.255.255.255:69 L=49 S=0x00 I=2 F=0x0000 T=255 (#58)
Dec  8 16:22:30 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:4129 255.255.255.255:69 L=49 S=0x00 I=3 F=0x0000 T=255 (#58)
Dec  8 16:22:30 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:1888 255.255.255.255:69 L=46 S=0x00 I=0 F=0x0000 T=255 (#58)
Dec  8 16:22:34 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:1888 255.255.255.255:69 L=46 S=0x00 I=1 F=0x0000 T=255 (#58)
Dec  8 16:22:37 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.65.4:137 208.155.79.255:137 L=78 S=0x00 I=47060 F=0x0000 T=128 (#59)
Dec  8 16:22:38 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.65.4:137 208.155.79.255:137 L=78 S=0x00 I=47316 F=0x0000 T=128 (#59)
Dec  8 16:22:38 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:1888 255.255.255.255:69 L=46 S=0x00 I=2 F=0x0000 T=255 (#58)
Dec  8 16:22:39 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.65.4:137 208.155.79.255:137 L=78 S=0x00 I=47572 F=0x0000 T=128 (#59)
Dec  8 16:22:42 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:1888 255.255.255.255:69 L=46 S=0x00 I=3 F=0x0000 T=255 (#58)

Below is a copy of my IPChain rules...

#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 8/Dec/2001 15:48

/sbin/ipchains -F
/sbin/ipchains -X

/sbin/ipchains -P input DENY
/sbin/ipchains -P forward DENY
/sbin/ipchains -P output REJECT

/sbin/ipchains -A input -i lo -j ACCEPT
/sbin/ipchains -A input -s 10.0.0.0/255.0.0.0 -j DENY
/sbin/ipchains -A input -s 172.16.0.0/255.240.0.0 -j DENY
/sbin/ipchains -A input -s 192.168.0.0/255.255.0.0 -j DENY
/sbin/ipchains -A input -s 255.255.255.255/255.255.255.255 -j DENY
/sbin/ipchains -A input -d 0.0.0.0/255.255.255.255 -j DENY
/sbin/ipchains -A input -s 224.0.0.0/240.0.0.0 -j DENY
/sbin/ipchains -A input -s 240.0.0.0/248.0.0.0 -l -j DENY
/sbin/ipchains -A input -s 0.0.0.0/255.0.0.0 -l -j DENY
/sbin/ipchains -A input -s 127.0.0.0/255.0.0.0 -l -j DENY
/sbin/ipchains -A input -s 169.254.0.0/255.255.0.0 -l -j DENY
/sbin/ipchains -A input -s 192.0.2.0/255.255.255.0 -l -j DENY
/sbin/ipchains -A input -s 224.0.0.0/224.0.0.0 -l -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 2049 -i eth0 -y -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 2000 -i eth0 -y -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 6000:6063 -i eth0 -y -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 1080 -i eth0 -y -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 2049 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 32769:65535 -d 0.0.0.0/0.0.0.0 33434:33523 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 53 -i eth0 -p udp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 53 -d 0.0.0.0/0.0.0.0 53 -i eth0 -p udp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 53 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 -p udp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 53 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 80 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 80 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 81 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 443 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 443 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 110 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 25 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 25 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 513:65535 -d 0.0.0.0/0.0.0.0 22 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 22 -d 0.0.0.0/0.0.0.0 1022:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 513:65535 -d 0.0.0.0/0.0.0.0 26 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 26 -d 0.0.0.0/0.0.0.0 1022:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 113 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 113 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 21 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 20 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 21 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 20 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type destination-unreachable -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type source-quench -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type time-exceeded -j ACCEPT
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type parameter-problem -j ACCEPT
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 0:19 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 24 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 26:78 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 81:109 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 112 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 114:136 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 140:142 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 144:442 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 444:1023 -i eth0 -l -p tcp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 0:110 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 112:160 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 163:634 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 636:1023 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -i eth0 -l -p icmp --icmp-type redirect -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 13:255 -i eth0 -l -p icmp -j DENY
/sbin/ipchains -A output -i lo -j ACCEPT
/sbin/ipchains -A output -d 0.0.0.0/0.0.0.0 2049 -i eth0 -y -p tcp -j REJECT
/sbin/ipchains -A output -d 0.0.0.0/0.0.0.0 2000 -i eth0 -y -p tcp -j REJECT
/sbin/ipchains -A output -d 0.0.0.0/0.0.0.0 6000:6063 -i eth0 -y -p tcp -j REJECT
/sbin/ipchains -A output -d 0.0.0.0/0.0.0.0 1080 -i eth0 -y -p tcp -j REJECT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 53 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 -p udp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 53 -d 0.0.0.0/0.0.0.0 53 -i eth0 -p udp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 53 -i eth0 -p udp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 53 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 80 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 80 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 81 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 443 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 443 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 110 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 25 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 25 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 22 -d 0.0.0.0/0.0.0.0 513:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1022:65535 -d 0.0.0.0/0.0.0.0 22 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 26 -d 0.0.0.0/0.0.0.0 513:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1022:65535 -d 0.0.0.0/0.0.0.0 26 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 113 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 113 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 21 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 20 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 21 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 20 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 1024:65535 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type fragmentation-needed -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type source-quench -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
/sbin/ipchains -A output -i eth0 -p icmp --icmp-type parameter-problem -j ACCEPT
/sbin/ipchains -A output -i eth0 -j REJECT
#----For Webmin----
/sbin/ipchains -A input -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 1024:65535 -d xxx.xxx.xxx.xxx 10000 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s xxx.xxx.xxx.xxx 10000 -d xxx.xxx.xxx.0/255.255.240.0 1024:65535 ! -y -p tcp -j ACCEPT

/sbin/ipchains -A input -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 1024:65535 -d ! xxx.xxx.xxx.xxx 10000 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s ! xxx.xxx.xxx.xxx 10000 -d xxx.xxx.xxx.0/255.255.240.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! xxx.xxx.xxx.xxx 10000 -d xxx.xxx.xxx.0/255.255.240.0 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 1024:65535 -d ! xxx.xxx.xxx.xxx 10000 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 1024:65535 -d ! xxx.xxx.xxx.xxx 10000 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s ! xxx.xxx.xxx.xxx 10000 -d xxx.xxx.xxx.0/255.255.240.0 1024:65535 ! -y -p tcp -j ACCEPT
##MASQ: /sbin/ipchains -A input -i eth0 -s ! xxx.xxx.xxx.xxx 10000 -d xxx.xxx.xxx.xxx 1024:65535 ! -y -p tcp -j ACCEPT
##MASQ: /sbin/ipchains -A output -i eth0 -s xxx.xxx.xxx.xxx 1024:65535 -d ! xxx.xxx.xxx.xxx 10000 -p tcp -j ACCEPT
##MASQ: /sbin/ipchains -A forward -s xxx.xxx.xxx.0/255.255.240.0 1024:65535 -d ! xxx.xxx.xxx.xxx 10000 -p tcp -j MASQ

/sbin/ipchains -A input -i eth0 -d xxx.xxx.xxx.xxx 10000 -s ! xxx.xxx.xxx.xxx 1024:65535 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s xxx.xxx.xxx.xxx 10000 -d ! xxx.xxx.xxx.xxx 1024:65535 -p tcp -j ACCEPT

##NOMASQ: /sbin/ipchains -A input -i eth0 -s ! xxx.xxx.xxx.xxx 1024:65535 -d xxx.xxx.xxx.0/255.255.240.0 10000 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 10000 -d ! xxx.xxx.xxx.xxx 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A input -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 10000 -d ! xxx.xxx.xxx.xxx 1024:65535 ! -y -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A output -i eth0 -s ! xxx.xxx.xxx.xxx 1024:65535 -d xxx.xxx.xxx.0/255.255.240.0 10000 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s ! xxx.xxx.xxx.xxx 1024:65535 -d xxx.xxx.xxx.0/255.255.240.0 10000 -p tcp -j ACCEPT
##NOMASQ: /sbin/ipchains -A forward -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 10000 -d ! xxx.xxx.xxx.xxx 1024:65535 ! -y -p tcp -j ACCEPT

/sbin/ipchains -A output -i eth0 -s xxx.xxx.xxx.xxx 1024:65535 -d xxx.xxx.xxx.0/255.255.240.0 10000 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s xxx.xxx.xxx.0/255.255.240.0 10000 -d xxx.xxx.xxx.xxx 1024:65535 ! -y -p tcp -j ACCEPT

/sbin/ipchains -A output -i eth0 -s xxx.xxx.xxx.xxx 1024:65535 -d ! xxx.xxx.xxx.xxx 10000 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! xxx.xxx.xxx.xxx 10000 -d xxx.xxx.xxx.xxx 1024:65535 ! -y -p tcp -j ACCEPT
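Editor's added example (not part of the original post or of the Webmin ipchains module): the (#58) and (#59) in the log lines are positions in the input chain, and counting the posted input chain they land on the logging (-l) rules "0:110 udp DENY" and "112:160 udp DENY", which is why TFTP (UDP 69) and NetBIOS name service (UDP 137) broadcasts from the colocation segment fill logcheck's report. The script below parses the ipchains "Packet log:" syslog format, parses "/sbin/ipchains -A ..." commands, and replays each logged packet against a rule list with ipchains' first-match semantics, so you can see which rule fires and whether the destination is a broadcast. The embedded log lines and rule subset are constructed from the post (rule numbers in the subset are positions in that subset, not the full chain's #nn); the helper names (parse_rule, first_match, replay, summarize) are this example's own, and --icmp-type and address negation (-s ! addr) are deliberately not handled.

```python
# Added example: replay ipchains -l log lines against an ipchains rule list (first-match).
import ipaddress
import re
from collections import Counter

# Constructed sample: two of the posted log entries, each re-joined onto one line.
SAMPLE_LOG = """\
Dec  8 16:22:18 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.66.37:4129 255.255.255.255:69 L=49 S=0x00 I=0 F=0x0000 T=255 (#58)
Dec  8 16:22:37 ns kernel: Packet log: input DENY eth0 PROTO=17 208.155.65.4:137 208.155.79.255:137 L=78 S=0x00 I=47060 F=0x0000 T=128 (#59)
"""

# Constructed subset of the posted input chain, in the same relative order.
# Rule numbers here are positions in THIS list, not the (#nn) of the full chain.
SAMPLE_RULES = """\
/sbin/ipchains -A input -i lo -j ACCEPT
/sbin/ipchains -A input -s 10.0.0.0/255.0.0.0 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 1024:65535 -d 0.0.0.0/0.0.0.0 53 -i eth0 -p udp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 513:65535 -d 0.0.0.0/0.0.0.0 22 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0.0.0.0 22 -d 0.0.0.0/0.0.0.0 1022:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 0:110 -i eth0 -l -p udp -j DENY
/sbin/ipchains -A input -d 0.0.0.0/0.0.0.0 112:160 -i eth0 -l -p udp -j DENY
"""

PROTO_NUM = {"tcp": 6, "udp": 17, "icmp": 1}

# ipchains -l log line; TCP SYN packets carry an extra "SYN" token before "(#n)".
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<verdict>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+ (?:(?P<syn>SYN) )?\(#(?P<rule>\d+)\)")

BCAST = ipaddress.ip_address("255.255.255.255")


def make_packet(chain, iface, proto, src, sport, dst, dport, syn=False, rule=None):
    return {"chain": chain, "iface": iface, "proto": proto,
            "src": ipaddress.ip_address(src), "sport": sport,
            "dst": ipaddress.ip_address(dst), "dport": dport, "syn": syn, "rule": rule}


def parse_log(text):
    """One packet dict per recognised 'Packet log:' line; other lines are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            pkts.append(make_packet(m["chain"], m["iface"], int(m["proto"]),
                                    m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                                    syn=m["syn"] is not None, rule=int(m["rule"])))
    return pkts


def parse_ports(spec):
    lo, _, hi = spec.partition(":")          # "53" or "1024:65535"
    return int(lo), int(hi or lo)


def parse_rule(line):
    """Parse one '/sbin/ipchains -A ...' command (-A -i -s -d -p -y / ! -y -l -j).
    --icmp-type and address negation (-s ! addr) are unsupported and raise."""
    toks = line.split()
    r = {"chain": None, "iface": None, "src": None, "sports": None, "dst": None,
         "dports": None, "proto": None, "syn": None, "log": False, "target": None}
    i, negate = 1, False                      # toks[0] is the ipchains path
    while i < len(toks):
        t = toks[i]
        if t == "!":
            negate, i = True, i + 1
            continue
        if t in ("-A", "-i", "-p", "-j"):
            key = {"-A": "chain", "-i": "iface", "-p": "proto", "-j": "target"}[t]
            r[key] = PROTO_NUM[toks[i + 1]] if t == "-p" else toks[i + 1]
            i += 2
        elif t in ("-s", "-d"):
            side = "src" if t == "-s" else "dst"
            r[side] = ipaddress.ip_network(toks[i + 1], strict=False)
            i += 2
            if i < len(toks) and toks[i][0].isdigit():   # optional port or lo:hi range
                r[side[0] + "ports"] = parse_ports(toks[i])
                i += 1
        elif t == "-y":                       # -y = SYN only; ! -y = everything but SYN
            r["syn"], i = not negate, i + 1
        elif t == "-l":
            r["log"], i = True, i + 1
        else:
            raise ValueError(f"unsupported option {t!r} in: {line}")
        negate = False
    return r


def matches(r, p):
    if r["chain"] != p["chain"] or (r["iface"] and r["iface"] != p["iface"]):
        return False
    if r["proto"] is not None and r["proto"] != p["proto"]:
        return False
    if r["src"] is not None and p["src"] not in r["src"]:
        return False
    if r["dst"] is not None and p["dst"] not in r["dst"]:
        return False
    for ports, port in ((r["sports"], p["sport"]), (r["dports"], p["dport"])):
        if ports and not ports[0] <= port <= ports[1]:
            return False
    return r["syn"] is None or r["syn"] == p["syn"]


def first_match(rules, pkt):
    """ipchains is first-match: (1-based index, rule) of the first hit, else None (policy applies)."""
    for n, r in enumerate(rules, 1):
        if matches(r, pkt):
            return n, r
    return None


def load_rules(text, chain):
    return [parse_rule(l) for l in text.splitlines()
            if l.startswith("/sbin/ipchains -A " + chain + " ")]


def replay(log_text, rules_text):
    """Per logged packet: the rule number syslog reported, the rule that fires in
    rules_text, and whether the destination looks like a broadcast (heuristic: last octet 255)."""
    rows = []
    for p in parse_log(log_text):
        hit = first_match(load_rules(rules_text, p["chain"]), p)
        rows.append({"src": str(p["src"]), "dst": str(p["dst"]), "dport": p["dport"],
                     "logged_rule": p["rule"], "matched_rule": hit[0] if hit else None,
                     "target": hit[1]["target"] if hit else "policy",
                     "logged": hit[1]["log"] if hit else False,
                     "broadcast": p["dst"] == BCAST or p["dst"].packed[-1] == 255})
    return rows


def summarize(log_text):
    """Count logged packets per (rule, proto, dst, dport): what is filling the log?"""
    return Counter((p["rule"], p["proto"], str(p["dst"]), p["dport"]) for p in parse_log(log_text))


if __name__ == "__main__":
    for row in replay(SAMPLE_LOG, SAMPLE_RULES):
        print(row)
    for key, count in summarize(SAMPLE_LOG).most_common():
        print(count, key)
```

Feeding the real logcheck output and the full (un-wrapped) script to replay() shows which rule each logged packet hits and, via summarize(), whether the volume is a handful of broadcast sources repeating; a high count on one broadcast destination is log noise from the shared segment rather than anything reaching the services. first_match() also answers "does this packet get in?" directly: the SSH SYN and its non-SYN reply both find ACCEPT rules, while a SYN arriving from port 22 falls through the ! -y rule, which is the point of that flag.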