iptables and/or CUPS question

[Bill Tangren]

Burke, Thomas G. wrote:
> I cannot answer you question, as I am still using ipchains.  However,
> 10.255.255.255 is the broadcast address for the 10.x.x.x series of
> networks.   IIUC, 10.1.5.8 is broadcasting to the 10.x.x.x network that
> the service on port 631 is available.  It appears to be receiving
> something from 10.1.4.238 (a different network) that is an invalid
> packet.  Of course, it's been a long while since I've looked at this
> sort of thing, so I may be full of horse hockey.
> 
> 	-Tom
>  
> 
> -----Original Message-----
> 
> My RHEL ES4 box is behind a firewall. I have it set up as a CUPS print
> server. I noticed that I was getting this in my logwatch output (when
> Detail is set to Low):
> 
>   --------------------- Kernel Begin ------------------------
>    From 10.1.5.58 - 2764 packets to udp(631)
>   ---------------------- Kernel End -------------------------
> 
> My box IS 10.1.5.58. It looked like iptables on my box was stopping
> packets from itself, so I bumped up the detail to Med, and got this:
> 
>   --------------------- Kernel Begin ------------------------
>     From 10.1.5.58 - 2777 packets
>        To 10.255.255.255 - 2777 packets
>           Service: ipp (udp/631) (INPUT packet died:,eth0,none) - 2777
> packets
>   ---------------------- Kernel End -------------------------
> 
> This is a typical /var/log/message entry:
> 
> 
> Could anyone tell me (or point me to a link that explains) why iptables
> is doing this. It occurred to me that the print server might be badly
> configured, but I am able to use it to print from other computers on our
> network. And, there is no 10.255.255.255 box on the network.
> 
> 

Sorry. I cut and pasted the wrong packet. This is a better example:

Aug 11 03:07:14 mach2 kernel: INPUT packet died: IN=eth0 OUT= MAC= 
SRC=10.1.5.58 DST=10.255.255.255 LEN=175 TOS=0x00 PREC=0x00 TTL=64 
ID=1832 DF PROTO=UDP SPT=631 DPT=631 LEN=155