[lug] Interpreting iptables log messages
Bill Thoen
bthoen at gisnet.com
Tue Oct 2 16:44:16 MDT 2007
I'm exploring the arcane world of iptables and firewalls, and I was
wondering if there's a good online document that explains how to
interpret the log messages that can be produced by this software?
Specifically, I'm trying to make sense of exchanges like this (since I
don't recognize IP 106.118.153.84, and I suspect it's up to no good):
Oct 2 13:41:24 bill kernel: **DEFAULT-INPUT** IN=eth0 OUT=
MAC=00:11:5b:e6:aa:38:00:b0:c2:88:c3:c2:08:00 SRC=106.118.153.84
DST=111.222.217.247 LEN=394 TOS=0x00 PREC=0x00 TTL=51 ID=26187 PROTO=UDP
SPT=30296 DPT=1026 LEN=374
Oct 2 13:41:24 bill kernel: **DEFAULT-OUTPUT** IN= OUT=eth0
SRC=111.222.217.247 DST=106.118.153.84 LEN=422 TOS=0x00 PREC=0xC0 TTL=64
ID=37515 PROTO=ICMP TYPE=3 CODE=3 [SRC=106.118.153.84
DST=111.222.217.247 LEN=394 TOS=0x00 PREC=0x00 TTL=51 ID=26187 PROTO=UDP
SPT=30296 DPT=1026 LEN=374 ]
- Bill Thoen
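As an added example, not part of Bill's post or of iptables itself, here is a small Python parser for netfilter log lines like the two above: it splits each line into its KEY=value fields, keeps the original packet that an ICMP error quotes inside [...] as a separate record, and pairs the outbound ICMP type 3 code 3 (port unreachable) with the inbound UDP packet it answers by matching the quoted SRC/DST/ID/ports. The sample lines are the post's own two messages, re-joined onto one line each as syslog writes them; the field names and the log-prefix convention are standard netfilter LOG output.

```python
import re
# Constructed sample: the two lines from the post, re-joined onto one line each
# (the mail client wrapped them; syslog writes each message on a single line).
SAMPLE_LOG = [
    "Oct  2 13:41:24 bill kernel: **DEFAULT-INPUT** IN=eth0 OUT= "
    "MAC=00:11:5b:e6:aa:38:00:b0:c2:88:c3:c2:08:00 SRC=106.118.153.84 DST=111.222.217.247 "
    "LEN=394 TOS=0x00 PREC=0x00 TTL=51 ID=26187 PROTO=UDP SPT=30296 DPT=1026 LEN=374",
    "Oct  2 13:41:24 bill kernel: **DEFAULT-OUTPUT** IN= OUT=eth0 SRC=111.222.217.247 "
    "DST=106.118.153.84 LEN=422 TOS=0x00 PREC=0xC0 TTL=64 ID=37515 PROTO=ICMP TYPE=3 CODE=3 "
    "[SRC=106.118.153.84 DST=111.222.217.247 LEN=394 TOS=0x00 PREC=0x00 TTL=51 ID=26187 "
    "PROTO=UDP SPT=30296 DPT=1026 LEN=374 ]",
]
KV_RE = re.compile(r"(\w+)=(\S*)")
# ICMP type 3 (destination unreachable) codes from RFC 792; code 3 = port unreachable.
UNREACHABLE = {0: "net unreachable", 1: "host unreachable",
               2: "protocol unreachable", 3: "port unreachable"}
def parse_fields(text):
    """KEY=value pairs to a dict; an empty value (OUT=) becomes ''. The second
    LEN= (the one after PROTO=) is the transport length, stored as e.g. UDP_LEN."""
    fields = {}
    for key, val in KV_RE.findall(text):
        if key in fields:                      # repeated key: prefix with protocol
            key = f"{fields.get('PROTO', 'L4')}_{key}"
        fields[key] = val
    return fields

def parse_line(line):
    """Split one netfilter log line; an ICMP error quotes the packet that caused it in [...]."""
    head, _, rest = line.partition("kernel: ")
    parts = head.split()
    start = rest.find("IN=")                   # the log prefix is whatever precedes IN=
    outer, _, inner = rest[start:].partition("[")
    return {"timestamp": " ".join(parts[:3]), "host": parts[3],
            "prefix": rest[:start].strip("* "), "fields": parse_fields(outer),
            "quoted": parse_fields(inner.rstrip(" ]")) if inner else None}

def is_reply_to(icmp, original):
    """True when the ICMP error's quoted header matches an earlier logged packet."""
    q, o = icmp["quoted"], original["fields"]
    return bool(q) and all(q.get(k) == o.get(k)
                           for k in ("SRC", "DST", "ID", "PROTO", "SPT", "DPT"))

def explain(rec):
    f, q = rec["fields"], rec["quoted"] or {}
    if f.get("PROTO") == "ICMP" and f.get("TYPE") == "3":
        reason = UNREACHABLE.get(int(f["CODE"]), "code " + f["CODE"])
        return (f"{rec['prefix']}: {f['SRC']} sent {f['DST']} ICMP '{reason}' for "
                f"{q.get('PROTO')} {q.get('SRC')}:{q.get('SPT')} -> {q.get('DST')}:{q.get('DPT')}")
    return (f"{rec['prefix']}: {f['PROTO']} {f['SRC']}:{f.get('SPT')} -> "
            f"{f['DST']}:{f.get('DPT')} in on {f['IN'] or '-'}, out on {f['OUT'] or '-'}")
```

Read together, the two lines say that a UDP datagram from the unknown host arrived on eth0 for port 1026 and the box answered with ICMP port unreachable, quoting that datagram's IP/UDP header (the bracketed part) so the sender can match the error to what it sent; the shared ID=26187 is what ties the pair together.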