On Mon, 24 Jun 2013 09:59:54 +0100 Laurie Brown laurie@brownowl.com wrote:
On 22/06/2013 21:00, Chris Walker wrote:
I've this week changed from Mandriva 2011 to Mageia. I did it because Mandriva no longer seemed to be being developed and also because my installation had a few issues.
I also swapped out the 500gig drive that Mandriva was on and installed Mageia to a 1TB drive but I kept the 500 gig jobbie. To save myself time I just moved things like the config for Sylpheed and Claws from the 5400gig to the 1TB and those are working fine. In trying to find out why a USB 3 disc wasn't being seen, I noticed that dmesg was filling up with messages from Shorewall. I'm not sure if Shorewall ran on Mandriva but certainly I didn't see those messages.
They all appear to be the same though with the exception of the ID which varies. Here's the last two for example [ 6125.561129] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=40:61:86:05:f9:31:00:24:a5:bd:b4:dc:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2897 DF PROTO=TCP SPT=3896 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0
[ 6128.560425] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=40:61:86:05:f9:31:00:24:a5:bd:b4:dc:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2898 DF PROTO=TCP SPT=3896 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0
On my machine 192.168.1.1 is the router.
Should I be concerned about these messages? If so, what should I do as they're just an irritation at the moment.
I can't imagine a router would be trying RDP on another machine. What shorewall logs say is very dependent on the way it has been set up. Whilst it's non-trivial, it's not hard as long as you take it a step at a time, and there are lots of guides. Which config files are amended and the way they are set up is system dependent, so I can't just ask for a listing or two.
I recommend that you go to the following and have a look:
http://www.shorewall.net/shorewall_quickstart_guide.htm
There will probably be a guide for your circumstances. Any specific questions I can probably help.
Thanks for your help and thanks to Simon too.
It all started to look horribly complicated for something that I'd never experienced before.
I looked at the sites mentioned and then thought that as the software is new (Mageia that is, not Shorewall) then perhaps there's something amiss there. Sure enough there is - https://forums.mageia.org/en/viewtopic.php?f=8&t=4987
I removed Shorewall, reconfigured it as was suggested and was then asked if I wanted to install it. I've just rebooted for good measure and all the messages have stopped.
I think that's described as an infelicity ;-)