Thursday, May 11, 2006

Iptables again

During the last 3-4 days, I've been playing with Iptables:

1. I'm having an issue where my SSH sessions to wigglit.ath.cx time out. Last night, I flushed the firewall rules and left the firewall bare of rules for the night while leaving a term logged in via SSH. The session still timed out but I don't know if this is an eventual time out or something related to SSH. I don't have any rulesets related to SSH in my Iptables file (with the exception of allowing all SSH).

2. I've been testing some firewall log parsers, namely fwlogwatch and wflogs. Both are nice, but wflogs has more configuration options. Both supposedly parse Snort logs, but I haven't been able to do this with either tool. Both tools are out-dated with no activity to either project in the last few years.

3. The ##slackware bot, slackboy, doesn't start automatically when I reboot the wigglit.ath.cx server, but does throw a MSG534 error, which doesn't make sense. There's also not much Google data on this particular error, especially solutions to the issue. I've a line added in /etc/rc.d/rc.local (su ron -c /home/ron/eggdrop/eggdrop /home/ron/eggdrop/slackboy.conf) that will sometimes run and sometimes not (when I execute it manually). Today, I just ran it as a normal user in the bot's directory (eggdrop -c slackboy.conf) and it worked. Weird.

I'm also using my Linksys wifi card (the WPC54GS PCMCIA card). I've done this in the past and actually have a script that I use to initiate the card. This card has no opensource drivers so I use ndiswrapper. Here's the dmesg initiation data:

ndiswrapper version 0.11 loaded (preempt=no,smp=no)
PCI: Setting latency timer of device 03:00.0 to 64
ndiswrapper: using irq 11
wlan0: ndiswrapper ethernet device 00:0f:66:4a:42:6a using driver lsbcmnds
wlan0: encryption modes supported: WEP, WPA with TKIP, AES/CCMP
ndiswrapper: driver lsbcmnds (Cisco-Linksys ,LLC.,02/19/2004, 3.50.21.11) added

The lsbcmnds driver is a Windows driver that ndiswrapper uses. I can't use this driver for things such as Kismet, but for typical enduser type work, it is functional. I'd rather not have to buy another wifi card just to be Linux-idealistic.

I also want to be able to use WPA, but I'm only using WEP at the moment. The reason for this is that my Tivo uses wireless to pull programming data. The wifi adapter that I'm using is supported by Tivo but I don't believe it has WPA capability. This is the only thing holding me back from using WPA. The adapter is a WUSB11 v2.8. I shall double-check to see if it is WPA-capable. Even so, I'd still like to eventually get away from 11B. That's going to be hard to get away from, since Tivo only has limited support for 54G.

2 comments:

Anonymous said...

Hi Ron! I've stumbled upon this post while searching the for the meaning of MSG534 error in Google with the following query string:

"* MSG534" +eggdrop

I read the post through its start to the end and did exactly what you did. Instead of repeatedly and fruitlessly trying to launch it into background with `./eggdrop' or `./eggdrop -n' (which ends in both cases with MSG534 error message) I ran `./eggdrop -c $MYCONFFILE' and it started.

For no obvious reason it kept refusing to start for several days.

-c switch really helps solve this problem so I just wanted to let you know that you're not alone with this and say thanks for this bit of information.

RS said...

I'm glad that some of my postings are helping someone. IMO, this is what its all about...sharing information. Thanks for sharing your eggdrop experiences!