Sorry, misread your question:
When you specify log options, you must also specify what to do with the packet in regards to DROP, REJECT, etc:
$iptables -A check_flags -p tcp --tcp-option 128 -m limit \
--limit 5/minute -j LOG --log-level $loglevel --log-prefix \
"Bogus TCP FLAG 128"
$iptables -A check_flags -p tcp --tcp-option 128 -j DROP
This will log the incoming packet, and drop it as well. Otherwise, from my example below, all that will be happening is the packet will be logged. Unless you have DROP as your default rule on the INPUT chain, of course, which you should.
tim
--Original Message Text---
From: timmy
Date: Wed, 15 Jan 2003 09:24:57 -0700
On Wed, 15 Jan 2003 09:13:59 -0700, Shawn Grover wrote:
>I thought about logging the incoming packets until I can figure out what's
>going on, but am not totally clear on how to implement it. If I specify a
>"-j LOG" before the lines for forwarding the external connections to the
>server, will that halt processing on the LOG line (does it fall off the
>chain at this point)? or does it simply log the packet and pass it to the
>next rule?
example:
$iptables -A check_flags -p tcp --tcp-option 128 -m limit \
--limit 5/minute -j LOG --log-level 7 --log-prefix \
"Bogus TCP FLAG 128:"
>Also, with regards to logging, I'm not sure how/where to examine the logs
>after the fact. I'm sure there's a file, or an iptables command, but
>haven't found it yet. I've noted that when I DO use the log options, the
>log messages show up in my console session (hence the reason I'm not using
>logs right now). Do I need to do something to reroute these messages to a
>file? Or even to TTY8 or something like that.
edit /etc/syslog.conf; send all "kern.*" messages to /var/log/kernel
I still haven't figured out a way to get the messages not to appear on the console as they log, but I'm always via ssh, so it does not bother me.
>As for the Gateway, the router's internal IP is 192.168.0.1 - this is the
>default gateway for the server. Is this not correct? Should I be clearing
>the server's gateway?
The server should have a default route of 192.168.0.1, if that is the internal ip address of your router.
>
>Thanks for the help Wade (and all others). I owe ya a beer.
>
>Shawn
>
>-----Original Message-----
>From: Wade Dyck [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 15, 2003 8:28 AM
>To: [EMAIL PROTECTED]
>Subject: RE: (clug-talk) Need help with IPTables / router configuration
>
>
>Hi Shawn,
>
>Nothing is jumping out at me as being the problem....
>
>Are the IPs and masks correct?
>Is the internal server using the firewall as a gateway? This could be
>the problem because when you access it via the external address from
>your workstation, the IP is SNATed to the firewall's internal IP.
>Otherwise the connection will only be DNATed so the server will see the
>real external IP of the client and must return through the firewall.
>
>You might want to use tcpdump in conjunction with some -j LOG targets to
>narrow this down
>
>
>Wade.
>
>
>
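For examining the logged packets after the fact, as asked in the thread, here is an added example (not code from any of the posters) that summarises LOG entries per source address. It assumes kern.* messages go to /var/log/kernel as suggested in the reply; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count iptables LOG hits per source address for one --log-prefix.

# Constructed sample lines in the format the kernel LOG target writes.
sample_log() {
cat <<'EOF'
Jan 15 09:30:01 fw kernel: Bogus TCP FLAG 128:IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.2 LEN=60 TTL=52 PROTO=TCP SPT=4321 DPT=80 SYN URGP=0
Jan 15 09:30:07 fw kernel: Bogus TCP FLAG 128:IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.2 LEN=60 TTL=52 PROTO=TCP SPT=4322 DPT=22 SYN URGP=0
Jan 15 09:31:12 fw kernel: Bogus TCP FLAG 128:IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.0.2 LEN=60 TTL=49 PROTO=TCP SPT=1055 DPT=80 SYN URGP=0
Jan 15 09:31:40 fw kernel: eth0: link up
EOF
}

# summarise_hits PREFIX: read log lines on stdin and print
# "count source dest-ports" for each source whose entry carries PREFIX,
# busiest source first. Lines without the prefix are ignored.
summarise_hits() {
    awk -v prefix="$1" '
        index($0, prefix) == 0 { next }      # not written by our LOG rule
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next              # malformed or truncated entry
            count[src]++
            # Record each destination port once per source.
            if (dpt != "" && index("," ports[src] ",", "," dpt ",") == 0)
                ports[src] = (ports[src] == "" ? dpt : ports[src] "," dpt)
        }
        END { for (s in count) print count[s], s, ports[s] }
    ' | sort -rn
}

# On a live firewall: summarise_hits "Bogus TCP FLAG 128" < /var/log/kernel
sample_log | summarise_hits "Bogus TCP FLAG 128"
```

Because the LOG rule is rate-limited to 5/minute, the counts are a lower bound on what the matching DROP rule actually discarded.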
