On Wed, 15 Jan 2003 09:13:59 -0700, Shawn Grover wrote:

>I thought about logging the incoming packets until I can figure out what's
>going on, but am not totally clear on how to implement it. If I specify a
>"-j LOG" before the lines for forwarding the external connections to the
>server, will that halt processing on the LOG line (does it fall off the
>chain at this point)? or does it simply log the packet and pass it to the
>next rule?

example:

$iptables -A check_flags -p tcp --tcp-option 128 -m limit \
--limit 5/minute -j LOG --log-level 7 --log-prefix \
"Bogus TCP FLAG 128:"

>Also, with regards to logging, I'm not sure how/where to examine the logs
>after the fact. I'm sure there's a file, or an iptables command, but
>haven't found it yet. I've noted that when I DO use the log options, the
>log messages show up in my console session (hence the reason I'm not using
>logs right now). Do I need to do something to reroute these messages to a
>file? Or even to TTY8 or something like that.

edit /etc/syslog.conf; send all "kern.*" messages to /var/log/kernel

I still haven't figured out a way to get the messages not to appear on the console as they log, but I'm always connected via ssh, so it does not bother me.

>As for the Gateway, the router's internal IP is 192.168.0.1 - this is the
>default gateway for the server. Is this not correct? Should I be clearing
>the server's gateway?

The server should have a default route of 192.168.0.1, if that is the internal ip address of your router.

>
>Thanks for the help Wade (and all others). I owe ya a beer.
>
>Shawn
>
>-----Original Message-----
>From: Wade Dyck [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 15, 2003 8:28 AM
>To: [EMAIL PROTECTED]
>Subject: RE: (clug-talk) Need help with IPTables / router configuration
>
>
>Hi Shawn,
>
>Nothing is jumping out at me as being the problem....
>
>Are the IPs and masks correct?
>Is the internal server using the firewall as a gateway? This could be
>the problem because when you access it via the external address from
>your workstation, the IP is SNATed to the firewalls internal IP.
>Otherwise the connection will only be DNATed so the server will see the
>real external IP of the client and must return through the firewall.
>
>You might want to use tcpdump in conjunction with some -j LOG targets to
>narrow this down
>
>
>Wade.
>
>
>
