Re: [arch-general] iptables not working well?
On Sun, Jul 10, 2011 at 6:35 PM, Robert Marmorstein <rmmarm@sdf.org> wrote:
...
It might help you to LOG packets that are REJECTED. Then if you continue to have issues, you should be able to see more directly what's going on.
To do that, add rules like these directly before the ones with -j REJECT:
iptables -A INPUT -j LOG -m limit --limit 3/minute
iptables -A FORWARD -j LOG -m limit --limit 3/minute
Then you should look in /var/log/messages or /var/log/syslog (depending on which logger you have installed) to see which packets are being dropped.
You probably don't want these rules enabled all the time -- the log files can get pretty big quickly -- but they are very helpful for debugging.
If you continue to have issues, posting the LOG messages would help us know more about what's going on.
Robert
Hi Robert, I tried the logging rules, but they didn't work as proposed:
% sudo iptables -A INPUT -j LOG -m limit --limit 3/minute
Password:
iptables: Invalid argument. Run `dmesg' for more information.
% sudo iptables -A FORWARD -j LOG -m limit --limit 3/minute
iptables: Invalid argument. Run `dmesg' for more information.
What dmesg shows is:
x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48
x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48
I didn't find anything under:
/var/log/messages.log
/var/log/syslog.log
The dmesg messages come from:
/var/log/kernel.log
Not sure if that helps any way to get some light, :-)
Thanks,
-- Javier.
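Two things a defender wants from the kernel log in this situation: a tally of what the LOG rules report once they load, and a clear reading of the x_tables size-mismatch line Javier hit. This added example (not from the thread or the iptables project) does both over constructed sample lines; the LOG field layout is the standard netfilter LOG target format, and the log file path is whatever your syslogger uses (Javier's was /var/log/kernel.log).

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The LOG lines follow the
# netfilter LOG target's key=value layout; the x_tables line is Javier's error.
SAMPLE_LOG = """\
Jul 11 21:40:01 host kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 11 21:40:02 host kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 11 21:40:03 host kernel: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=224.0.0.251 LEN=76 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=56
Jul 11 21:40:04 host kernel: x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48
Jul 11 21:40:05 host kernel: eth0: link up
"""

# The kernel's complaint when a match extension's struct size does not agree.
XT_SIZE_RE = re.compile(
    r"x_tables: (?P<table>\w+): (?P<match>\w+)\.(?P<rev>\d+) match: "
    r"invalid size (?P<kernel>\d+) \(kernel\) != \(user\) (?P<user>\d+)")

def parse_log_line(line):
    """Return the key=value fields of a netfilter LOG line, or None if it is not one."""
    start = line.find("IN=")
    if start < 0:
        return None
    fields = {}
    for token in line[start:].split():
        key, sep, value = token.partition("=")
        # Skip bare flags (DF, SYN); keep the first LEN= (IP header), not UDP's later LEN=.
        if sep and key not in fields:
            fields[key] = value
    return fields

def summarise(lines):
    """Count logged packets by (source, protocol, destination port)."""
    counts = Counter()
    for f in filter(None, map(parse_log_line, lines)):
        counts[(f["SRC"], f["PROTO"], f.get("DPT", "-"))] += 1
    return counts

def xtables_errors(lines):
    """Explain size-mismatch lines: the iptables binary and the running kernel disagree on
    that match's struct layout (commonly a version or 32/64-bit mismatch), so the rule is refused."""
    return [f"{m['match']} match rev {m['rev']} in {m['table']}: kernel expects "
            f"{m['kernel']} bytes, iptables sent {m['user']} (userspace/kernel ABI mismatch)"
            for m in map(XT_SIZE_RE.search, lines) if m]

if __name__ == "__main__":
    for key, n in summarise(SAMPLE_LOG.splitlines()).most_common():
        print(n, *key)
    print(*xtables_errors(SAMPLE_LOG.splitlines()), sep="\n")
```

Feed it the real kernel log once the LOG rules load; the tally shows which sources and ports the REJECT rules are hitting, which is what Robert's suggestion was meant to reveal.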
On Mon, Jul 11, 2011 at 9:52 PM, Javier Vasquez <j.e.vasquez.v@gmail.com> wrote:
...
Translation of: http://bbs.lemote.com/archiver/?tid-51375.html
Seems to indicate it's not an issue: http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=auto&tl=en&u=http%3A%2F%2Fbbs.lemote.com%2Farchiver%2F%3Ftid-51375.html
Perhaps I'll have to try tcpdump as suggested, :-)
-- Javier.