iptables log, no protocol??

I want to make sure a machine has the minimum ports/services open. I have a server which uses IPSec over IPv6. I've only allowed certain ports to be open (in this case just TCP/22 and UDP/500 for IPSec - I always allow ICMP).

When I try and establish a connection I get the following in the syslog (excuse the making it multi-line):

IPv6-input IN=eth0 OUT= SRC=26xx:xxxx:xxxx:0000:0000:0000:0000:xxxx DST=26xx:xxxx:xxxx:0000:0000:0000:0000:xxxx LEN=192 TC=0 HOPLIMIT=57 FLOWLBL=0

Now there's no protocol in that log entry, so how do I work out exactly what's being attempted by the client and how to create a rule that JUST allows these types of connections?

I guess perhaps they are related to mtu-discovery or something like this (although I don't know for sure).

~ Mike

Mike Lovell

[compton ~]$ whatis netstat nmap
netstat (8)          - Display network connections, routing tables, interface statistics, masquerade connections and netlink messages
nmap (1)             - Network exploration tool and security scanner
[compton ~]$ su -c '/bin/netstat -anptu'
Password:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1387/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1387/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1069/cupsd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1069/cupsd
[compton ~]$

Not much open here ('su' or 'sudo' needed to see all processes)

I suppose. Have you tried using something like nmap from another system to see what responses you get? (Be very careful using nmap if you are on a network you don't own - other network and system admins get angry easily.)

Fairly useless. What process created that log entry?

[compton ~]$ whatis tcpdump wireshark
tcpdump (8)          - dump traffic on a network
wireshark (1)        - Interactively dump and analyze network traffic
[compton ~]$

The 'wireshark' output is generally easier for a non-technical person to try to read.

PMTU Discovery? See RFC1981 - but I doubt that's the purpose of this packet. Your wacked-up log entry suggests it's local-to-local.

Old guy

Moe Trin
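As an added example (not code from either poster), here is a small Python parser for netfilter LOG lines of the kind quoted in the question: it splits an entry into its fields, makes the absence of PROTO/SPT/DPT explicit, and builds the tcpdump/wireshark capture filter for the same source/destination pair so the full packet can be captured and looked at, which is the next step the reply suggests. The two sample lines are constructed using the 2001:db8::/32 documentation prefix; the second one shows what the same entry looks like when a UDP header is logged.

```python
import ipaddress
import re
from typing import Dict

# Constructed sample lines (not taken from the thread); 2001:db8::/32 is the
# IPv6 documentation prefix. The first line has the shape of the entry in the
# question: IPv6 header fields only, no PROTO=/SPT=/DPT=.
SAMPLE_LOGS = [
    "IPv6-input IN=eth0 OUT= SRC=2001:0db8:0001:0000:0000:0000:0000:0010 "
    "DST=2001:0db8:0001:0000:0000:0000:0000:0020 LEN=192 TC=0 HOPLIMIT=57 FLOWLBL=0",
    "IPv6-input IN=eth0 OUT= SRC=2001:0db8:0001:0000:0000:0000:0000:0010 "
    "DST=2001:0db8:0001:0000:0000:0000:0000:0020 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=0 "
    "PROTO=UDP SPT=500 DPT=500 LEN=40",
]

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_nf_log(line: str) -> Dict[str, str]:
    """Split a netfilter LOG line into its KEY=VALUE fields.

    The free text before the first ' IN=' is the --log-prefix and is kept as
    'PREFIX'. When a transport header is logged, LEN appears twice (IP payload
    length, then e.g. the UDP length); the second one is stored as 'L4LEN'.
    """
    fields: Dict[str, str] = {}
    cut = line.find(" IN=")
    fields["PREFIX"] = line[:cut].strip() if cut >= 0 else ""
    for key, value in KV_RE.findall(line):
        if key == "LEN" and "LEN" in fields:
            fields["L4LEN"] = value
        else:
            fields[key] = value
    return fields


def has_transport_info(fields: Dict[str, str]) -> bool:
    """True only if LOG printed a PROTO= field for this packet."""
    return "PROTO" in fields


def capture_filter(fields: Dict[str, str]) -> str:
    """Build a tcpdump/wireshark capture filter for the flow a LOG line
    describes, e.g. for 'tcpdump -ni eth0 -vv <filter>', so the whole packet,
    including any headers LOG did not print, can be inspected."""
    src = ipaddress.ip_address(fields["SRC"])   # also normalises the address
    dst = ipaddress.ip_address(fields["DST"])
    family = "ip6" if src.version == 6 else "ip"
    expr = f"{family} and src host {src} and dst host {dst}"
    proto = fields.get("PROTO")
    if proto in ("TCP", "UDP") and "DPT" in fields:
        expr += f" and {proto.lower()} dst port {fields['DPT']}"
    return expr
```

Running the filter for the first sample under tcpdump with -vv shows the IPv6 header chain that the LOG target summarised into a single line.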
