On 25/05/07, Jonathan Underwood <[EMAIL PROTECTED]> wrote: > On 25/05/07, Simon Hobson <[EMAIL PROTECTED]> wrote: > > Jonathan Underwood wrote: > > > SSH/ACCEPT net $FW - - - - 3/min:3 > > > > I would add logging to that statement and see what happens. > > eg: > > > > SSH/ACCEPT:info net $FW - - - - 3/min:3 > This results in these messages (with a couple of obfuscations in IP addresses: > > Shorewall:net2fw:ACCEPT:IN=eth0 OUT= > MAC=00:xx:xx:xx:c2:49:00:d0:79:xx:98:00:08:00 SRC=130.xx.69.87 > DST=128.xx.2.35 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=26203 DF PROTO=TCP > SPT=53708 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 > Shorewall:net2fw:ACCEPT:IN=eth0 OUT= > MAC=00:xx:xx:xx:xx:49:00:xx:79:xx:98:00:08:00 SRC=130.xx.69.87 > DST=128.xx.2.35 LEN=64 TOS=0x00 PREC=0x00 TTL=53 ID=26293 DF PROTO=TCP > SPT=53708 DPT=22 WINDOW=2485 RES=0x00 ACK URGP=0 > Shorewall:net2fw:ACCEPT:IN=eth0 OUT= > MAC=00:xx:xx:xx:xx:49:00:d0:79:95:98:00:08:00 SRC=130.xx.69.87 > DST=128.xx.2.35 LEN=64 TOS=0x00 PREC=0x00 TTL=53 ID=26324 DF PROTO=TCP > SPT=53708 DPT=22 WINDOW=3995 RES=0x00 ACK URGP=0 > Shorewall:net2fw:ACCEPT:IN=eth0 OUT= > MAC=00:xx:xx:xx:xx:49:00:d0:79:95:98:00:08:00 SRC=130.xx.69.87 > DST=128.xx.2.35 LEN=72 TOS=0x00 PREC=0x00 TTL=53 ID=27573 DF PROTO=TCP > SPT=53708 DPT=22 WINDOW=6036 RES=0x00 ACK URGP=0
oh. Duh. I'm dumb - they're obviously the messages corresponding to the ssh session I have open to examine the logs on the remote server :) So it seems the stalled scp transfer isn't causing anything to be logged. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
