netdev
[Top] [All Lists]

Fw: Log full of "ing_filter: fixed ippp2 out ippp2"

To: netdev@xxxxxxxxxxx
Subject: Fw: Log full of "ing_filter: fixed ippp2 out ippp2"
From: Andrew Morton <akpm@xxxxxxxx>
Date: Thu, 10 Mar 2005 17:49:15 -0800
Cc: Kimmo Sundqvist <kimmo.sundqvist@xxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
Can you check to see if 2.6.11 is still doing this?


Begin forwarded message:

Date: Wed, 9 Mar 2005 22:07:41 +0200
From: Kimmo Sundqvist <kimmo.sundqvist@xxxxxxxx>
To: linux-kernel@xxxxxxxxxxxxxxx
Subject: Log full of "ing_filter:  fixed  ippp2 out ippp2"


Hello

Please cc all replies to me.

After upgrading my little NATting firewall/router from 2.6.7-ck4 to 
2.6.10-gentoo-r6 my /var/log/messages is 15MB in size and most of it looks 
like the text below.  All traffic to the Internet seems to cause this.  

"cat /var/log/messages | uniq | uniqmessages" results in a 3MB file.  I use 
syslog-ng.

Iptables setup script further down.

Mar  9 21:58:15 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:15 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:15 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:15 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:15 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:16 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:16 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:16 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:16 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:16 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:16 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:16 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2
Mar  9 21:58:17 shadowgate ing_filter:  fixed  ippp2 out ippp2

My firewall setup looks like:

IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
DEPMOD=/sbin/depmod

EXTIF="ippp2"
INTIF="eth0"
KAKKOSIF="eth1"

$DEPMOD -a

$MODPROBE ip_tables

#$MODPROBE ip_conntrack
#In the kernel

$MODPROBE ip_conntrack_ftp
$MODPROBE iptable_nat
$MODPROBE ip_nat_ftp

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD

$IPTABLES -t nat -F

/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $KAKKOSIF -m state --state \
ESTABLISHED,RELATED -j ACCEPT   # RJ-45

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
ESTABLISHED,RELATED  -j ACCEPT # BNC segment

$IPTABLES -A FORWARD -i $KAKKOSIF -o $EXTIF -j ACCEPT   # RJ-45
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT        # BNC segment
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
$IPTABLES -A FORWARD -j LOG
exit 0

-Kimmo S.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

<Prev in Thread] Current Thread [Next in Thread>