ipchains logging

By cp409sd
I am trying to have my ipchains firewall log whenever packets are allowed through over MS terminal server (port 3389). My rules are as follows:

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -d xxx.xxx.xxx.xxx 3389 -j ACCEPT -l

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT -l

I am able to get through using terminal server just fine, but I would like to know when people connect to it (and what IP address they came from).

I am not sure why I am not able to log when packets pass through these ports. Any help is appreciated.

ipchains logging

by randyarnold In reply to ipchains logging

First you list the chains and see if these rules are passing packets.

ipchains -L -v | less

If they are, email me.

Randy

ipchains logging

by cp409sd In reply to ipchains logging

I listed the rules, and yes these are passing packets. I also know they are able to pass because I can use terminal services through the firewall while it is up. Here is one of the rules:

ACCEPT tcp ----l- anywhere hostname any -> 3389
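An added example, not part of any post in this thread: once the kernel's packet-log lines from a rule with the log flag set reach a syslog file, the sketch below pulls out which source addresses opened connections to a given port. It assumes the `Packet log:` line layout described in the IPCHAINS-HOWTO and a traditional syslog timestamp prefix; the function names, host name `fw`, addresses and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list who opened connections to a logged port, from ipchains -l output.
# Assumed layout: "Packet log: CHAIN TARGET IFACE PROTO=n SRC:PORT DST:PORT ... [SYN] (#rule)"

# Constructed sample syslog lines (documentation addresses, hypothetical host "fw").
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:1045 192.0.2.10:3389 L=48 S=0x00 I=4021 F=0x4000 T=116 SYN (#3)
Mar  3 10:15:01 fw kernel: Packet log: output ACCEPT eth0 PROTO=6 192.0.2.10:3389 198.51.100.7:1045 L=48 S=0x00 I=977 F=0x4000 T=127 (#2)
Mar  3 10:15:01 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:1045 192.0.2.10:3389 L=40 S=0x00 I=4022 F=0x4000 T=116 (#3)
Mar  3 10:16:00 fw kernel: eth0: link up
Mar  3 11:02:47 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.44:2301 192.0.2.10:3389 L=48 S=0x00 I=120 F=0x4000 T=110 SYN (#3)
Mar  3 12:40:09 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4000 192.0.2.10:23 L=44 S=0x00 I=88 F=0x0000 T=52 SYN (#7)
Mar  3 14:30:12 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:1052 192.0.2.10:3389 L=48 S=0x00 I=5100 F=0x4000 T=116 SYN (#3)
EOF
}

# connection_sources PORT: read syslog on stdin, print "source-ip count first-seen"
# for accepted inbound TCP SYN packets addressed to PORT.
connection_sources() {
  awk -v port="$1" '
    {
      # Locate the "Packet log:" marker; the syslog prefix before it can vary.
      for (i = 1; i < NF; i++) if ($i == "Packet" && $(i + 1) == "log:") break
      if (i + 7 > NF) next                       # not a packet-log line
      if ($(i + 2) != "input" || $(i + 3) != "ACCEPT" || $(i + 5) != "PROTO=6") next
      split($(i + 7), dst, ":")
      if (dst[2] != port) next
      syn = 0
      for (j = i + 8; j <= NF; j++) if ($j == "SYN") syn = 1
      if (!syn) next                             # count connection attempts, not every packet
      split($(i + 6), src, ":")
      ip = src[1]
      if (!(ip in seen)) seen[ip] = $1 " " $2 " " $3
      hits[ip]++
    }
    END { for (ip in hits) printf "%s %d %s\n", ip, hits[ip], seen[ip] }
  ' | sort
}

sample_log | connection_sources 3389
```

On a live system the function would read the file that receives kernel messages instead of `sample_log`; which file that is depends on the local syslog configuration.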

ipchains logging

by schannachie In reply to ipchains logging

Hi,

Got an idea only; that is hard to tell with no additional data. So in these cases I always do this.

a.- start a packet sniffer

tcpdump -i eth_interface_name > dump.file.000

b.- before I start with this kind of job, install iptraf 2.3.x IP traffic analyzer so I can scan the ports that are used and how they are used.

It's the only way to know really how the IP sockets are working.

As you ask for a way to log the activity at the given port you can see it with a port redirect software (rinetd). You can download this software from www.boutell.com/rinetd

I had some trouble packet switching with ipchains, in my rules I'm also using masquerading. That was the best reason to install rinetd. I found that I can't use ipchains to redirect ports.

Hope it helps

ipchains logging

by cp409sd In reply to ipchains logging

Thanks for your help.

ipchains logging

by cp409sd In reply to ipchains logging

This question was closed by the author
