General discussion

  • #2104205

    ipchains logging

    Locked

    by cp409sd ·

    I am trying to have my ipchains firewall log whenever packets are allowed through over MS terminal server (port 3389). My rules are as follows:

    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -d xxx.xxx.xxx.xxx 3389 -j ACCEPT -l

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT -l

    I am able to get through using terminal server just fine, but I would like to know when people connect to it (and what IP address they came from).

    I am not sure why I am not able to log when packets pass through these ports. Any help is appreciated.

All Comments

    • #3672626

      ipchains logging

      by randyarnold ·

      In reply to ipchains logging

      First you list the chains and see if these rules are passing packets.

      ipchains -L -v | less

      If they are, email me.

      Randy

      • #3759359

        ipchains logging

        by cp409sd ·

        In reply to ipchains logging

        I listed the rules, and yes these are passing packets. I also know they are able to pass because I can use terminal services through the firewall while it is up. Here is one of the rules:

        ACCEPT tcp ----l- anywhere hostname any -> 3389

    • #3706744

      ipchains logging

      by schannachie ·

      In reply to ipchains logging

      Hi,

      Got an idea only, that is hard to tell with no additional data. So in these cases I always do this.

      a.- start a packet sniffer

      tcpdump -i eth_interface_name > dump.file.000

      b.- before I start with this kind of job I install iptraf 2.3.x (IP traffic analyzer) so I can scan the ports that are used and how they are used.

      It's the only way to really know how the IP sockets are working.

      As you ask for a way to log the activity at the given port you can see it with a port redirect software (rinetd). You can download this software from http://www.boutell.com/rinetd

      I had some trouble packet switching with ipchains, in my rules I’m also using masquerading. That was the best reason to install rinetd. I found that I can’t use ipchains to redirect ports.

      Hope it helps

    • #3724839

      ipchains logging

      by cp409sd ·

      In reply to ipchains logging

      This question was closed by the author
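
Once `-l` entries reach syslog, the question's goal (who connected to port 3389, and from which IP) comes down to parsing the kernel's `Packet log:` lines. The script below is an added example, not part of the thread: it assumes the log line layout documented in the IPCHAINS-HOWTO, and the sample log lines, addresses and the `rdp_sources` function name are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of syslog lines written by ipchains rules that carry -l.
# Layout assumed: Packet log: CHAIN ACTION IFACE PROTO=n SRC:PORT DST:PORT ... [SYN] (#rule)
sample_log() {
cat <<'EOF'
Mar  3 14:02:11 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.7:1042 192.0.2.10:3389 L=48 S=0x00 I=5120 F=0x4000 T=116 SYN (#4)
Mar  3 14:02:11 fw kernel: Packet log: output ACCEPT eth0 PROTO=6 192.0.2.10:3389 203.0.113.7:1042 L=48 S=0x00 I=771 F=0x4000 T=127 (#6)
Mar  3 14:02:12 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.7:1042 192.0.2.10:3389 L=40 S=0x00 I=5121 F=0x4000 T=116 (#4)
Mar  3 14:07:40 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.23:2210 192.0.2.10:3389 L=48 S=0x00 I=901 F=0x4000 T=113 SYN (#4)
Mar  3 14:09:02 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.99:4431 192.0.2.10:23 L=44 S=0x00 I=77 F=0x0000 T=52 SYN (#9)
Mar  3 15:30:19 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.7:1050 192.0.2.10:3389 L=48 S=0x00 I=6004 F=0x4000 T=116 SYN (#4)
EOF
}

# rdp_sources [PORT]: read syslog text on stdin and print "source-ip count"
# for accepted inbound TCP SYNs to PORT (default 3389). Counting only SYN
# lines gives one hit per connection attempt instead of one per packet.
rdp_sources() {
    awk -v port="${1:-3389}" '
    /Packet log: input ACCEPT/ {
        for (i = 1; i < NF - 1; i++) {
            if ($i != "PROTO=6") continue      # PROTO=6 is TCP
            split($(i + 1), src, ":")          # source ip:port
            split($(i + 2), dst, ":")          # destination ip:port
            if (dst[2] == port && $0 ~ / SYN /) hits[src[1]]++
            break
        }
    }
    END { for (ip in hits) print ip, hits[ip] }
    ' | sort
}

# Stand-alone run against the constructed sample; in practice feed the
# file your syslog configuration sends kernel messages to.
sample_log | rdp_sources 3389
```
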
