[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference noted::seal

Title:	SEAL

Moderator:	GALVIA::SMITH

Created:	Mon Mar 21 1994
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	1989
Total number of notes:	8209

1748.0. "screend logs ACCEPT events" by OSTV03::MAKI (TANSTAAFL) Thu Jan 30 1997 03:42

My customer is using following screend.conf at gate.
It looks OK ... But, the screend logs ACCEPT information too.
Has anyone have such experience?
( This firewall was configured by other person, at 1 years ago. )

#
# Packet filter configuration file for domain: foobar.co.jp
#
# Automatically created on Mon Sep 25 18:17:11 JST 1995 by FWsetup v1.1,
# run by [email protected]
#
default reject notify log;
for 10.2.1.0 netmask is 255.255.255.0;
for 202.248.xxx.xxx netmask is 255.255.255.240;
#
# Allow any TCP connection between internal hosts and ns.foobar.co.jp
between any and host ns.foobar.co.jp proto tcp accept;
# Also allow UDP connections for DNS (53) and NTP (123)
between any and host ns.foobar.co.jp udp port 53 accept;
between host ns.foobar.co.jp and any udp port 53 accept;
between any and host ns.foobar.co.jp udp port 123 accept;
between host mailgate.foobar.co.jp and host ns.foobar.co.jp udp port 514 
accept;
#
between any tcp port-not reserved and host dt2100.foobar.co.jp tcp port 
telnet accept;
between any tcp port-not reserved and host vcp1000.foobar.co.jp tcp port 
telnet accept;
# mailgate.foobar.co.jp (internal http proxy) to mzcom.foobar.co.jp:80
between host 10.2.1.11 and host 202.248.xxx.xxx tcp port 80 accept;

----
Maki Watanabe	[Internet System, East Japan 1 - SI DEC-Japan]
Internet: [email protected]

T.R	Title	User	Personal Name	Date	Lines
1748.1		EEMELI::EINAMO		`Thu Jan 30 1997 05:15`	9
	Hi are they running screend with -l option ? #ps ax ( and look for screend process) What does the accept say ? Marko
1748.2		NCMAIL::SMITHB		`Thu Jan 30 1997 12:16`	3
	Screend continues to do new and strange things with each new OS release. Rules that are in the man page don't work, logging is broken in 4.0... etc.
1748.3		OSTV03::MAKI	TANSTAAFL	`Mon Feb 03 1997 00:30`	15
	Sample of the screed log. Jan 30 08:29:35 gate screend[756]: ACCEPT: UDP [202.248.XXX.XXX]->[10.2.1.11](123->123) Jan 30 08:29:35 gate screend[756]: ACCEPT: UDP [10.2.1.11]->[202.248.XXX.XXX](123->123) Jan 30 08:30:17 gate screend[756]: ACCEPT: TCP [10.2.1.11]->[202.248.XXX.XXX](4939->8080) Jan 30 08:30:17 gate screend[756]: ACCEPT: TCP [202.248.XXX.XXX]->[10.2.1.11](8080->4939) Jan 30 08:30:17 gate screend[756]: ACCEPT: UDP [202.248.XXX.XXX]->[10.2.1.11](4981->53) Jan 30 08:30:17 gate screend[756]: ACCEPT: UDP [10.2.1.11]->[202.248.XXX.XXX](53->4981) Jan 30 08:30:17 gate screend[756]: ACCEPT: UDP [202.248.XXX.XXX]->[10.2.1.11](4982->53) I will check the -l option tommorow at the customer site. Thanks. ---- Maki Watanabe [Internet System, East Japan 1 - SI DEC-Japan] Internet: [email protected]
1748.4		OSTV03::MAKI	TANSTAAFL	`Thu Feb 06 1997 03:45`	4
	The screend was running with -l option. I fixed the /sbin/init.d/screend. Thanks. mw