I am trying to have my ipchains firewall log whenever a packets are allowed through over MS terminal server(port 3389). My rules are as follows:
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -d xxx.xxx.xxx.xxx 3389 -j ACCEPT -l
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT -l
I am able to get through using terminal server just fine, but I would like to know when people connect to it.(and what ip address they came from)
I am not sure why I am not able to log when packets pass through these ports. Any help is appreciated.
