[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 20020305: suominet
- Subject: Re: 20020305: suominet
- Date: Wed, 6 Mar 2002 14:54:08 -0700 (MST)
Hi Anne,
Would you be so kind as to comment out:
#exec "pqbinstats"
from your ldmd.conf file and watch to see if the errors vanish from your
logs?
The :35 minute really has me thinking it has to do with statistics
reporting. My guess is sendmail protocol which I am investigating further.
Keep in mind, any changes in your ldmd.conf file will not take place until
you stop your ldm and restart.
So..
Make change (comment out pqbinstats)
ldmadmin stop
now make sure ALL LDM rpc and processes have stopped
ps -ef | grep ldm
and/or
ps -ef | grep rpc
when none are appearing as active no rpc or ldm owned processes
(generally less than one minute)
ldmadmin start
That should do it, and I suspect you will see the errors go away.
However, we may want the stats, so we may need to make future changes,
this is kindof a debugging process.
Thank you,
-Jeff
____________________________ _____________________
Jeff Weber address@hidden
Unidata Support PH:303-497-8676
NWS-COMET Case Study Library FX:303-497-8690
University Corp for Atmospheric Research 3300 Mitchell Ln
http://www.unidata.ucar.edu/staff/jweber Boulder,Co 80307-3000
________________________________________ ______________________
On Wed, 6 Mar 2002, Anne Gorczyca wrote:
> Jeff:
>
> The error log on our firewall is showing entries like this after I blocked
> port 113
> yesterday afternoon:
>
> 03/05/2002 23:35:01.736 - TCP connection dropped -
> Source:128.117.140.62, 39136, WAN - Destination:192.52.65.171, 113, LAN -
> 'Authentication' - Rule 67
>
>
> Earlier, when I had that port open and was logging everything to syslog,
> here's an
> example of what was recorded:
>
> Dec 30 02:35:01 hercules id=firewall time="2001-12-30 02:35:01"
> fw=192.52.65.7 pri=6
> proto=tcp/113 src=128.117.140.62 dst=192.52.65.171 rcvd=260 sn=0040100EADB5
> c=1024 m=98
> n=21126
>
>
> I can pin point the exact time and date that these packets started arriving.
> It was 2:35 pm on 12/19/01. I opened port 113 on 12/20/01 and notified Frank.
>
> Good luck finding the cause.
>
> Thank you.
> Anne
>
>
>
> >>> Date: Wed, 6 Mar 2002 12:47:24 -0700 (MST)
> >>> From: Jeff Weber <address@hidden>
> >>> To: address@hidden, address@hidden, Teresa Van Hove
> <address@hidden>
> >>> cc: address@hidden
> >>> Subject: Re: 20020305: suominet
> >>>
> >>> Hello Anne and Frank,
> >>>
> >>> We do not have an LDM running on laraine...
> >>>
> >>> I suspect either dostats or pqbinstats..
> >>>
> >>> Could you please send me a relevant portion of your log so we can
> >>> determine why these messages are populating your log.
> >>>
> >>> Portmapper 111 and LDM 388 is all we need, but I am quite curious as to
> >>> what is happening on 113..
> >>>
> >>>
> >>> Thank you,
> >>>
> >>> -Jeff
> >>> ____________________________ _____________________
> >>> Jeff Weber address@hidden
> >>> Unidata Support PH:303-497-8676
> >>> NWS-COMET Case Study Library FX:303-497-8690
> >>> University Corp for Atmospheric Research 3300 Mitchell Ln
> >>> http://www.unidata.ucar.edu/staff/jweber Boulder,Co 80307-3000
> >>> ________________________________________ ______________________
> >>>
> >>> On Wed, 6 Mar 2002, Unidata Support wrote:
> >>>
> >>> >
> >>> > ------- Forwarded Message
> >>> >
> >>> > >To: "address@hidden" <address@hidden>,
> >>> > >To: "Frank D. Lind" <address@hidden>,
> >>> > >To: shad <address@hidden>
> >>> > >From: Teresa Van Hove <address@hidden>
> >>> > >Subject: [Fwd: Re: suominet]
> >>> > >Organization: GST
> >>> > >Keywords: 200203061626.g26GQhK16901
> >>> >
> >>> > Unidata support,
> >>> >
> >>> > Can you turn off the request to MIT suominet site from laraine?
> >>> > They are getting an authentication request. We dont need that
> >>> > port for our routine ldm collection of their data.
> >>> >
> >>> > Thanks,
> >>> >
> >>> > Teresa
> >>> >
> >>> > -------- Original Message --------
> >>> > Subject: Re: suominet
> >>> > Date: Wed, 06 Mar 2002 10:19:03 -0500
> >>> > From: "Frank D. Lind" <address@hidden>
> >>> > To: Teresa Van Hove <address@hidden>
> >>> > CC: shad oneel <address@hidden>, Anne Gorczyca
> >>> > <address@hidden>
> >>> > References: <address@hidden>
> >>> > <address@hidden> <3
> >>> >
> >>> > Hi Teresa,
> >>> >
> >>> > We have configured our firewall as follows now :
> >>> >
> >>> > 128.117.39.0/24 subnet : allow 21 (ssh), 111 (rpc), 388 (ldm)
> >>> > 128.117.29.0/24 subnet : allow 21 (ssh), 111 (rpc), 388 (ldm)
> >>> >
> >>> > You should be able to access the suominet machine 192.52.65.171 from
> >>> > any host on the two subnets now. We have noticed that our firewall is
> >>> > now
> >>> > blocking hourly requests from host 128.117.140.62
> >>> > (laraine.unidata.ucar.edu)
> >>> > on port 113/tcp. Is port 113 (authentication service) from this host
> >>> > required
> >>> > or can you guys turn the requests off at the source so they don't fill
> >>> > up our log files?
> >>> >
> >>> > Thanks,
> >>> >
> >>> > Frank Lind
> >>> >
> >>> >
> >>> > --
> >>> > Frank D. Lind email: address@hidden
> >>> > MIT Haystack Observatory WWW: http://www.haystack.mit.edu
> >>> > Route 40 tel: 781 981 5570
> >>> > Westford, MA 01886 USA fax: 781 981 5766
> >>> >
> >>> >
> >>> > ------- End of Forwarded Message
> >>> >
> >>> >
> >>>
> >>>
>
>