Re: [Shorewall-users] iptrace doesn't log anything

Wed, 19 Jun 2013 17:15:30 -0700 

Hi,

Tom Eastep wrote:
> Just tried this on a Ubuntu system that doesn't use ulogd; output was
> written to /var/log/kern.log.

I tried it again, it doesn't work on my system:

vm-x64 ~ # mv /var/log/kern.log /var/log/kern.log.bak
vm-x64 ~ # /etc/init.d/rsyslog restart
 * Stopping  ...
 * Stopping rsyslogd ...

                                         [ ok ]
 * Starting rsyslogd ...

                                         [ ok ]
vm-x64 ~ # cat /var/log/kern.log
cat: /var/log/kern.log: No such file or directory
vm-x64 ~ # shorewall iptrace -d 8.8.8.8
vm-x64 ~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=8.34 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=50 time=8.25 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=50 time=8.28 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 8.255/8.292/8.340/0.082 ms
vm-x64 ~ # cat /var/log/kern.log
cat: /var/log/kern.log: No such file or directory


Now I started a portscan from another system against the firewall.
Because of the last policy (all all reject info) this should be
logged:


vm-x64 ~ # cat /var/log/kern.log
Jun 20 02:01:17 vm-x64 kernel: [463833.499336]
Shorewall:net2fw:REJECT:IN=eth1 OUT=
MAC=00:0a:e4:89:9a:e6:00:11:XX:XX:XX:XX:XX:XX SRC=1.2.3.4 DST=9.8.7.6
LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=61638 PROTO=ICMP TYPE=13 CODE=0
Jun 20 02:01:18 vm-x64 kernel: [463833.895735]
Shorewall:net2fw:REJECT:IN=eth1 OUT=
MAC=00:0a:e4:89:9a:e6:00:11:XX:XX:XX:XX:XX:XX SRC=1.2.3.4 DST=9.8.7.6
LEN=28 TOS=0x00 PREC=0x00 TTL=50 ID=61615 PROTO=UDP SPT=50897
DPT=18996 LEN=8
[...]


Again, as you can see, loggin itself is working fine. But just the
TRACE doesn't work.

Any idea what could be the problem? Where to look?

I am using iptables v1.4.19.1 and kernel 3.9.6.

My shorewall.conf: http://pastebin.com/raw.php?i=fe8P9JtA


Thanks.


-- 
Regards,
Igor

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to