iptables and/or CUPS question

Burke, Thomas G. tg.burke at ngc.com
Thu Aug 11 16:28:03 UTC 2005 

I cannot answer you question, as I am still using ipchains.  However,
10.255.255.255 is the broadcast address for the 10.x.x.x series of
networks.   IIUC, 10.1.5.8 is broadcasting to the 10.x.x.x network that
the service on port 631 is available.  It appears to be receiving
something from 10.1.4.238 (a different network) that is an invalid
packet.  Of course, it's been a long while since I've looked at this
sort of thing, so I may be full of horse hockey.

	-Tom
 

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Bill Tangren
Sent: Thursday, August 11, 2005 12:23 PM
To: redhat-list at redhat.com
Subject: iptables and/or CUPS question

My RHEL ES4 box is behind a firewall. I have it set up as a CUPS print
server. I noticed that I was getting this in my logwatch output (when
Detail is set to Low):

  --------------------- Kernel Begin ------------------------
   From 10.1.5.58 - 2764 packets to udp(631)
  ---------------------- Kernel End -------------------------

My box IS 10.1.5.58. It looked like iptables on my box was stopping
packets from itself, so I bumped up the detail to Med, and got this:

  --------------------- Kernel Begin ------------------------
    From 10.1.5.58 - 2777 packets
       To 10.255.255.255 - 2777 packets
          Service: ipp (udp/631) (INPUT packet died:,eth0,none) - 2777
packets
  ---------------------- Kernel End -------------------------

This is a typical /var/log/message entry:

Aug 11 12:13:26 mach2 kernel: Invalid packet: IN=eth0 OUT=
MAC=01:00:5e:00:00:01:08:00:4e:b0:01:e9:08:00 SRC=10.1.4.238
DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=255 ID=53647 PROTO=ICMP
TYPE=9 CODE=0


Could anyone tell me (or point me to a link that explains) why iptables
is doing this. It occurred to me that the print server might be badly
configured, but I am able to use it to print from other computers on our
network. And, there is no 10.255.255.255 box on the network.

Any ideas?

TIA,

Bill Tangren

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list