Sometimes the firewall prints nf_ct_ftp messages to the console, which disrupts work when traffic to the FTP port increases.
```
Message from syslogd@web1 at Jan 27 12:28:40 ...
 kernel:nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=62620 DF PROTO=TCP SPT=21 DPT=61868 SEQ=256869292 ACK=3387663834 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0

Message from syslogd@web1 at Jan 27 12:28:40 ...
 kernel:nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=62621 DF PROTO=TCP SPT=21 DPT=61868 SEQ=256869292 ACK=3387663834 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0

Message from syslogd@web1 at Jan 27 12:28:41 ...
 kernel:nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=13439 DF PROTO=TCP SPT=21 DPT=32394 SEQ=1981989941 ACK=3962951258 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0
```
These messages can be redirected by creating the file /etc/rsyslog.d/iptables.conf with the following contents:
```
:msg, contains, "nf_ct_ftp:" -/var/log/messages
& ~
```
Then restart the rsyslog daemon. From then on, all of those messages should be logged to /var/log/messages:
```
service rsyslog restart
```
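Once the messages land in /var/log/messages, a per-connection count is easier to review than the raw lines. The script below is an added example, not part of the original post: the function names `summarize_ftp_drops` and `sample_log` are hypothetical, and the sample lines are constructed from the messages above, assuming the traditional `date host kernel:` file layout.

```shell
#!/bin/sh
# Added example: count nf_ct_ftp drops per SRC:SPT -> DST:DPT.

# Constructed sample input (assumed /var/log/messages layout); the last
# line is an unrelated, made-up entry that the filter must ignore.
sample_log() {
cat <<'EOF'
Jan 27 12:28:40 web1 kernel: nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=62620 DF PROTO=TCP SPT=21 DPT=61868 SEQ=256869292 ACK=3387663834 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0
Jan 27 12:28:40 web1 kernel: nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=62621 DF PROTO=TCP SPT=21 DPT=61868 SEQ=256869292 ACK=3387663834 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0
Jan 27 12:28:41 web1 kernel: nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=13439 DF PROTO=TCP SPT=21 DPT=32394 SEQ=1981989941 ACK=3962951258 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0
Jan 27 12:28:41 web1 sshd[1234]: Accepted publickey for deploy from 192.0.2.10 port 50000 ssh2
EOF
}

# Reads log lines from the files given as arguments, or from stdin if none.
# Prints "<count> <src>:<spt> -> <dst>:<dpt>", most frequent first.
summarize_ftp_drops() {
    awk '
    index($0, "nf_ct_ftp:") {      # same substring test as the rsyslog filter
        src = dst = spt = dpt = "?"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue   # not a KEY=VALUE token
            key = substr($i, 1, n - 1)
            val = substr($i, n + 1)
            if      (key == "SRC") src = val
            else if (key == "DST") dst = val
            else if (key == "SPT") spt = val
            else if (key == "DPT") dpt = val
        }
        count[src ":" spt " -> " dst ":" dpt]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host pass /var/log/messages instead.
sample_log | summarize_ftp_drops
```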