Rodolfo Pilas wrote: >Can I log UID of start connection? > >The server has many fw2net connections like this: > >Feb 26 14:55:12 zeta kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 >SRC=MY.IP.XX.XX DST=83.222.23.247 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 >ID=10110 DF PROTO=TCP SPT=80 DPT=13585 WINDOW=8911 RES=0x00 ACK >URGP=0 > >and I wish to locate who try to open it.
The source port is 80 - so only a privileged user can open it, I'd look for an installation of Apache you'd forgotten about. Also, try "netstat -anp", and possibly grep it's output for 80. This should show you what PID and program name has the port open. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
