Tom, On Tue, Apr 5, 2011 at 3:41 PM, Tom Eastep <[email protected]> wrote: >>> Please see if you can find that packet in the log; it should have the >>> Ethernet header included (Shorewall strips that part of the log >>> message). That way, we can find out who sent it. >> >> I'm sorry, what log are you referring to? > > /var/log/messages
Other than the shorewall messages that's it. They are: Apr 5 08:24:09 vpn kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=208.69.72.26 DST=192.168.0.212 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=54822 DF PROTO=TCP SPT=51690 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Apr 5 10:23:05 vpn kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=208.69.72.26 DST=192.168.0.212 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=22305 DF PROTO=TCP SPT=55032 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Apr 5 10:23:07 vpn kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=208.69.72.26 DST=192.168.0.212 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=6031 DF PROTO=TCP SPT=55042 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Apr 5 10:23:08 vpn kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=208.69.72.26 DST=192.168.0.212 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=35898 DF PROTO=TCP SPT=55056 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Nothing else is logging traffic and shorewall, only for rejections and drops. Maybe I need to break it again and then try it while doing a packet capture? Or is there a way to get shorewall to dump the packet to the log file and include the ethernet header? Thanks! Chris ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
