Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

FW bridge problems (Linux)

From: Chris Ditri <chrisd () better-investing org>
Date: Wed, 10 Dec 2003 08:41:23 -0500
Hello.

I have setup a linux ethernet bridge/firewall.  Everything seemed to be 
working pretty well, until one day I found that my /var/log/messages was 
filled up with 14 gigabytes of this junk:

Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=74
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=69
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos PROTO=6 209.202.220.135:25 10.103.232.134:46016 L=69 
S=0x00 I=7745 F=0x4000 T=50
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=69
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=br0 len=58
Dec  9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 
S=0x00 I=14180 F=0x4000 T=64
Dec  9 15:47:55 kronos nf_hook: hook 0 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth1 len=58
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
Dec  9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 
S=0x00 I=14180 F=0x4000 T=64
Dec  9 15:47:55 kronos nf_hook: hook 2 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=2 (unowned) dev=eth0 len=58
Dec  9 15:47:55 kronos PROTO=6 10.103.232.134:46016 209.202.220.135:25 L=58 
S=0x00 I=14180 F=0x4000 T=64
Dec  9 15:47:55 kronos nf_hook: hook 4 already set.
Dec  9 15:47:55 kronos skb: pf=7 (unowned) dev=eth0 len=58

I did some poking around, and I heard that this was because of a bug in the 
2.4.19 version of this software (patch for the kernel).  So I downloaded and 
compiled the kernel in 2.4.23 -- with the same exact config file.  All of a 
sudden none of my IPTABLES rules are not having any influence on traffic!  
Bye-bye fiewall...

I tried to apply the patch to my 2.4.23 kernel, but it fails.  I cannot find 
this version of a bridge patch for 2.4.23 anywhere.  I have read that people 
have gotten this sort of thing working with kernel 2.4.20 and up -- but no 
reference as to what they had to do to get it working right.

What can I do?

Thanks!

Chris



---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: