Mailing Lists: Apple Mailing Lists


Re: Over my head



Looks like ipfw thinks it should be logging accepted packets.

Try "sudo ipfw list" and see what it tells you.

As an example, here are a few rules from my firewall as
reported by "sudo ipfw list":

00010 allow ip from any to any via lo*
00030 deny log ip from 224.0.0.0/3 to any in
00040 deny log tcp from any to 224.0.0.0/3 in
65000 unreach net log tcp from any to any in setup
65000 unreach net log udp from any to any 0-1023 in
65535 allow ip from any to any

Rules 00030, 00040 and 65000 are all going to generate log
statements, but the others will not. Based on the output
below it seems like one or more of your "allow" rules
have probably been told to log each access.

There is probably a setting for this in the GUI firewall
administration, but I don't know where.


Peter
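
The "log" keyword check described above, as an added example that is not part of the original message: it reads "ipfw list" text on stdin and reports which rules log and which of those accept traffic. The function names and the NOISY_RULES sample are assumptions made for illustration; PAGE_RULES is the rule list quoted above.

```shell
#!/bin/sh
# Added example: classify ipfw rules by whether they carry the "log" keyword.
# Input is the text printed by "ipfw list"; nothing here calls ipfw itself.

# Print "RULE ACTION" for every rule that logs. The action is everything
# between the rule number and "log" (it can be two words: "unreach net").
logging_rules() {
    awk '{
        action = ""
        for (i = 2; i <= NF && $i != "from"; i++) {
            if ($i == "log") { print $1, action; break }
            action = (action == "" ? $i : action " " $i)
        }
    }'
}

# Print the numbers of rules that both accept traffic and log it. These
# are the rules that write one "Accept" line per matching packet.
# allow, accept, pass and permit are synonyms in ipfw.
noisy_accept_rules() {
    logging_rules |
        awk '$2 ~ /^(allow|accept|pass|permit)$/ { print $1 }'
}

# Rules quoted in the message above.
PAGE_RULES='00010 allow ip from any to any via lo*
00030 deny log ip from 224.0.0.0/3 to any in
00040 deny log tcp from any to 224.0.0.0/3 in
65000 unreach net log tcp from any to any in setup
65000 unreach net log udp from any to any 0-1023 in
65535 allow ip from any to any'

# Constructed sample: rule 10 as it would look if it had been told to log.
NOISY_RULES='00010 allow log ip from any to any via lo*
65535 allow ip from any to any'

echo "Logging rules in the quoted list:"
printf '%s\n' "$PAGE_RULES" | logging_rules
echo "Accept rules that log in the constructed list:"
printf '%s\n' "$NOISY_RULES" | noisy_accept_rules
```

On a live system the input would be the output of "sudo ipfw list" piped into noisy_accept_rules.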


doug wrote:
Okay. Wow, thanks for all the responses. I think I removed the offending character/return. Now I seem to have a different problem. Sorry to be such an idiot, but does anyone have an idea on this system log output? This is just a part, it goes on and on:

May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:951 127.0.0.1:1033 in via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 out via lo0
May 29 11:50:53 s2 mach_kernel: ipfw: 10 Accept TCP 127.0.0.1:1033 127.0.0.1:951 in via lo0

Thanks,

DV


On Thursday, May 29, 2003, at 10:48 AM, Jeff Donovan wrote:

greetings
sounds like you have an invalid character in your config file.
go to /etc
and vi named.conf
look for anything not right. ( I know it sounds funny ) but it sounds like the file is not a straight text file.
named is up but something is not right in your config file.
--jeff
On Thursday, May 29, 2003, at 10:20 AM, doug wrote:

Maybe you or other list members can help me! I thought I knew enough about DNS by now, but this one has me stumped. Here is the system log on BIND start up:

May 28 19:57:14 s2 named[1456]: starting (/etc/named.conf). named 8.3.4-REL Tue Nov 19 03:31:14 PST 2002 root@sting:/private/var/tmp/bind/bind-13.obj~7/bin/named
May 28 19:57:14 s2 named[1456]: /etc/named.conf:1: syntax error near '^M'
May 28 19:57:14 s2 named[1456]: listening on [127.0.0.1].53 (lo0)
May 28 19:57:14 s2 named[1456]: listening on [192.168.1.22].53 (en0)
May 28 19:57:14 s2 named[1456]: Forwarding source address is [0.0.0.0].49290
May 28 19:57:14 s2 named[1456]: Ready to answer queries.
May 28 19:57:14 s2 named[1456]: sysquery: nlookup error on ?
May 28 19:57:32 s2 WindowServer[1437]: CGXRemoveTrackingArea : Invalid tracking area
May 28 19:57:32 s2 WindowServer[1437]: CGXRemoveTrackingArea : Invalid tracking area
May 28 19:59:29 s2 named[1456]: No root nameservers for class IN
May 28 19:59:29 s2 named[1456]: sysquery: nlookup error on ?

I have searched for "syntax error near ^M" but there are no such characters in the named.conf file. The result is that DNS is running, but not completely and the Web sites we host are not accessible from within the LAN. Arrgh!

Any suggestions are welcome

DV



On Wednesday, May 28, 2003, at 02:30 PM, Ted Dively wrote:

On 05/28/03 Ned Kettell <email@hidden> wrote:

I am hoping that I can buy QuickDNS from Men and Mice to take some of
the mystery out of DNS. Is this my best move? Should I still purchase
O'Reilly DNS and Bind?


Spend your money on the O'Reilly DNS/BIND book, take a couple of hours and learn how to implement DNS on your own. As easy as the Men and Mice product makes it to administer DNS, they're basically selling you a GUI interface to manage the text files that you can easily create, edit, and manage on your own. I'm an idiot, and I now take care of our DNS without breaking a sweat thanks to the O'Reilly book's authors. Also, now that I "get" DNS, I can set up and manage our clients' DNS as they migrate to servers running OS X and Linux. If you really, really want a GUI method for managing DNS/BIND on OSX, check out the Web-based tool, Webmin, which is free, and which also lets you control many other aspects of your server(s). In short, learning to fish was for me, in this case at least, easy and not too time consuming, and I highly recommend it to you.

Best regards,

Ted Dively
*************************************************************************
Group D Communications -- IT Support, Databases, Networking, Web Sites
POB 170697
San Francisco, CA 94117-0697
PH 415.401.8333
FX 415.401.8334
http://www.groupd.com
ted at groupd dot com
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
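
The '^M' in the named syntax error quoted in this thread denotes a carriage-return byte (0x0D), which most editors do not display. As an added example that is not part of the original thread, the script below classifies a file's line endings and writes an LF-only copy; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the carriage returns behind "syntax error near '^M'".

count_bytes() {   # count_bytes ESCAPE FILE, e.g. count_bytes '\r' named.conf
    tr -cd "$1" < "$2" | wc -c | tr -d ' '
}

# Print lf, crlf, cr (classic Mac OS line endings) or mixed for FILE.
line_ending_kind() {
    cr=$(count_bytes '\r' "$1")
    lf=$(count_bytes '\n' "$1")
    # LF-terminated lines whose last byte is a CR, i.e. CRLF pairs.
    crlf=$(awk '/\r$/ { n++ } END { print n + 0 }' "$1")
    if   [ "$cr" -eq 0 ]; then echo lf
    elif [ "$lf" -eq 0 ]; then echo cr
    elif [ "$cr" -eq "$crlf" ] && [ "$crlf" -eq "$lf" ]; then echo crlf
    else echo mixed
    fi
}

# Write an LF-only copy of FILE to stdout; FILE itself is not modified.
# Trailing CRs (from CRLF) are dropped, any remaining lone CR becomes LF.
to_lf() {
    awk '{ sub(/\r$/, ""); print }' "$1" | tr '\r' '\n'
}

# Constructed sample files (not the poster's named.conf).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf 'options {\n\tdirectory "/var/named";\n};\n'       > "$SAMPLES/unix.conf"
printf 'options {\r\n\tdirectory "/var/named";\r\n};\r\n' > "$SAMPLES/dos.conf"
printf 'options {\r\tdirectory "/var/named";\r};\r'       > "$SAMPLES/mac.conf"

for f in unix dos mac; do
    printf '%s: %s\n' "$f.conf" "$(line_ending_kind "$SAMPLES/$f.conf")"
done
```

A CR-only file has no LF at all, so LF-based tools see the whole file as line 1, which is also the line number in the error quoted in this thread.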



