* [gentoo-user] [OT router advice] a router capable of detailed logs
@ 2011-04-19 3:31 Harry Putnam
2011-04-19 6:02 ` Mick
` (4 more replies)
0 siblings, 5 replies; 48+ messages in thread
From: Harry Putnam @ 2011-04-19 3:31 UTC (permalink / raw
To: gentoo-user
This is way OT, but this list is such a great resource I suspect the
advice gotten here will be more to the point. ( I have posted to a
network hardware group as well)
I've bumped my home lan router to a gigabit from the old 10/100
(NETGEAR FVS318).
I made the move for the gigabit lan ports mainly. That is, I was
happy with other aspects of the old router. I ended up with a cisco
RVS4000 v2.
The cisco solved the gigabit problem with 4 lan ports and even a
gigabit on the Internet port... (which is probably not really doing
any thing on a cable connection). And it wasn't hideously
expensive ($112.91).
I could have solved the problem with gigabit switches behind the
router for lan usage, just as well, and may go to that yet, and move
back to the old NETGEAR router. But somehow I expected the cisco to
be something that was `excitingly' new and fun to play with.
I'm disappointed in the cisco so far as logging is concerned.
The logs give only bare information like this:
Mar 10 10:24:21 - [Firewall Log-PORT SCAN] TCP Packet - 60.173.11.56 --> 98.217.231.32
Mar 10 10:24:21 - [Firewall Log-PORT SCAN] TCP Packet - 60.173.11.56 --> 98.217.231.32
[...]
No mention of which port is involved. Not only on port scans but
ports are never reported. And of course if you wanted to pursue any
of it by way of google, you'd need the port number.
The Old Netgear sent logs like this (wrapped for mail):
Sat, 2007-07-28 12:00:11 - TCP packet - Source: 161.170.244.20 -
Destination: 70.131.83.195 - [Invalid sequence number received with
Reset, dropping packet Src 443 Dst 1385 from WAN]
------- --------- ---=--- --------- --------
I went for the cisco instead of a newer `gigabit' NETGEAR after seeing
several bad reviews about them. And I just assumed the cisco would
have as good or better other features.
Another little problem is that the Cisco had reached its end of life
and was reported as such by cisco, well before I bought it. But of
course, retailers (not cisco) don't bother to give that kind of info,
but the result is that a kind of blackball list that was part of the
deal is no longer kept up to date.
So, cutting to the chase; can anyone recommend from actual use, a home
lan router that has gigabit lan ports and very configurable/
informative logging options?
ps - I'm not interested in running an old linux or openbsd, machine as
router. Having a silent cool router the size and weight of a medium
book is too appealing.
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] [OT router advice] a router capable of detailed logs
From: Mick @ 2011-04-19 6:02 UTC (permalink / raw
To: gentoo-user
On Tuesday 19 April 2011 04:31:38 Harry Putnam wrote:
> So, cutting to the chase; can anyone recommend from actual use, a home
> lan router that has gigabit lan ports and very configurable/
> informative logging options?
Have you gone through the documentation to see if there isn't a more verbose
option for the logs?
Do you get the same condensed format when you capture the logs in your LAN
syslog server?
--
Regards,
Mick
* Re: [gentoo-user] [OT router advice] a router capable of detailed logs
From: Joost Roeleveld @ 2011-04-19 6:54 UTC (permalink / raw
To: gentoo-user
On Monday 18 April 2011 22:31:38 Harry Putnam wrote:
<snipped - Not familiar with CISCO specifics>
> So, cutting to the chase; can anyone recommend from actual use, a home
> lan router that has gigabit lan ports and very configurable/
> informative logging options?
Not familiar with specific types, but I've had best results with the routers
from Zyxel. The one I used to use (ADSL) would provide a lot of information
via SNMP and other logging-options.
Also, this one had no problem with multiple (1000+) simultaneous connections.
Which is something other brands suffer from regularly.
> ps - I'm not interested in running an old linux or openbsd, machine as
> router. Having a silent cool router the size and weight of a medium
> book is too appealing.
I understand the sentiment. I've since stopped using pre-made routers as I had
the machine running anyway as a home-server and moving the router/firewall/...
onto the server wasn't too much of a change and did mean I could switch off a
small device.
--
Joost
* Re: [gentoo-user] [OT router advice] a router capable of detailed logs
From: Peter Humphrey @ 2011-04-19 9:15 UTC (permalink / raw
To: gentoo-user
On Tuesday 19 April 2011 04:31:38 Harry Putnam wrote:
> I'm not interested in running an old linux or openbsd, machine as router.
> Having a silent cool router the size and weight of a medium book is too
> appealing.
I'm gazing at an Atom box sitting on my window-sill that would be ideal. It's
silent and it has gigabit LAN connections. It's 8" square by 1 3/8". Have a look
at www.aleutia.com.
--
Rgds
Peter
* Re: [gentoo-user] [OT router advice] a router capable of detailed logs
From: Pandu Poluan @ 2011-04-19 10:17 UTC (permalink / raw
To: gentoo-user
On Tue, Apr 19, 2011 at 10:31, Harry Putnam <reader@newsguy.com> wrote:
> This is way OT, but this list is such a great resource I suspect the
> advice gotten here will be more to the point. ( I have posted to a
> network hardware group as well)
>
> I've bumped my home lan router to a gigabit from the old 10/100
> (NETGEAR FVS318).
>
> I made the move for the gigabit lan ports mainly. That is, I was
> happy with other aspects of the old router. I ended up with a cisco
> RVS4000 v2.
>
> The cisco solved the gigabit problem with 4 lan ports and even a
> gigabit on the Internet port... (which is probably not really doing
> any thing on a cable connection). And it wasn't hideously
> expensive ($112.91).
>
> I could have solved the problem with gigabit switches behind the
> router for lan usage, just as well, and may go to that yet, and move
> back to the old NETGEAR router. But somehow I expected the cisco to
> be something that was `excitingly' new and fun to play with.
>
> I'm disappointed in the cisco so far as logging is concerned.
>
> The logs give only bare information like this:
>
> Mar 10 10:24:21 - [Firewall Log-PORT SCAN] TCP Packet - 60.173.11.56 --> 98.217.231.32
> Mar 10 10:24:21 - [Firewall Log-PORT SCAN] TCP Packet - 60.173.11.56 --> 98.217.231.32
> [...]
>
> No mention of which port is involved. Not only on port scans but
> ports are never reported. And of course if you wanted to pursue any
> of it by way of google, you'd need the port number.
>
> The Old Netgear sent logs like this (wrapped for mail):
>
> Sat, 2007-07-28 12:00:11 - TCP packet - Source: 161.170.244.20 -
> Destination: 70.131.83.195 - [Invalid sequence number received with
> Reset, dropping packet Src 443 Dst 1385 from WAN]
>
> ------- --------- ---=--- --------- --------
>
> I went for the cisco instead of a newer `gigabit' NETGEAR after seeing
> several bad reviews about them. And I just assumed the cisco would
> have as good or better other features.
>
> Another little problem is that the Cisco had reached its end of life
> and was reported as such by cisco, well before I bought it. But of
> course, retailers (not cisco) don't bother to give that kind of info,
> but the result is that a kind of blackball list that was part of the
> deal is no longer kept up to date.
>
> So, cutting to the chase; can anyone recommend from actual use, a home
> lan router that has gigabit lan ports and very configurable/
> informative logging options?
>
> ps - I'm not interested in running an old linux or openbsd, machine as
> router. Having a silent cool router the size and weight of a medium
> book is too appealing.
>
Have you checked out Mikrotik's RB750G? 5 GbE ports:
http://routerboard.com/pricelist/download_file.php?file_id=256
Mikrotik OS is Linux-based, the firewall is Netfilter-based, and it's
Lua-scriptable.
Rgds,
--
Pandu E Poluan
~ IT Optimizer ~
Visit my Blog: http://pepoluan.posterous.com
* Re: [gentoo-user] [OT router advice] a router capable of detailed logs
From: Stroller @ 2011-04-19 10:18 UTC (permalink / raw
To: gentoo-user
On 19/4/2011, at 4:31am, Harry Putnam wrote:
> ...
> So, cutting to the chase; can anyone recommend from actual use, a home
> lan router that has gigabit lan ports and very configurable/
> informative logging options?
>
> ps - I'm not interested in running an old linux or openbsd, machine as
> router. Having a silent cool router the size and weight of a medium
> book is too appealing.
Consider OpenWRT. You can run it on something like the Netgear WNR2000, the Buffalo WZR-HP-G300NH, or something even cheaper if you don't need wifi.
Stroller.
* Re: [gentoo-user] [OT router advice] a router capable of detailed logs
From: Paul Hartman @ 2011-04-19 14:50 UTC (permalink / raw
To: gentoo-user
On Tue, Apr 19, 2011 at 5:18 AM, Stroller
<stroller@stellar.eclipse.co.uk> wrote:
>
> On 19/4/2011, at 4:31am, Harry Putnam wrote:
>> ...
>> So, cutting to the chase; can anyone recommend from actual use, a home
>> lan router that has gigabit lan ports and very configurable/
>> informative logging options?
>>
>> ps - I'm not interested in running an old linux or openbsd, machine as
>> router. Having a silent cool router the size and weight of a medium
>> book is too appealing.
>
> Consider OpenWRT. You can run it on something like the Netgear WNR2000, the Buffalo WZR-HP-G300NH, or something even cheaper if you don't need wifi.
I have WZR-HP-G300NH (running DD-WRT), if you don't plan on using wifi
it would be great. The wifi is really unstable and I couldn't
recommend this device if you're a heavy wifi user, but the wired
portion works great, the device itself is by far the fastest I've ever
owned, and it has a USB port so you can attach external storage in
case you want to use it as a server, too.
If your wifi users are limited to web browsing/email it would probably
be okay for that, but if you do anything with persistent open
connections (ssh, gaming, streaming movies) then you'll quickly pull
your hair out in frustration at the constant wifi stalls and
disconnects.
The good news about the bad wifi is that the constant negative reviews
and dissatisfied customers have forced the price down really low, I
got mine for about $50. :)
* Re: [gentoo-user] [OT router advice] a router capable of detailed logs
From: W.Kenworthy @ 2011-04-20 2:01 UTC (permalink / raw
To: gentoo-user
On Tue, 2011-04-19 at 09:50 -0500, Paul Hartman wrote:
> On Tue, Apr 19, 2011 at 5:18 AM, Stroller
> <stroller@stellar.eclipse.co.uk> wrote:
> >
> > On 19/4/2011, at 4:31am, Harry Putnam wrote:
> >> ...
> >> So, cutting to the chase; can anyone recommend from actual use, a home
> >> lan router that has gigabit lan ports and very configurable/
> >> informative logging options?
> >>
> >> ps - I'm not interested in running an old linux or openbsd, machine as
> >> router. Having a silent cool router the size and weight of a medium
> >> book is too appealing.
> >
> > Consider OpenWRT. You can run it on something like the Netgear WNR2000, the Buffalo WZR-HP-G300NH, or something even cheaper if you don't need wifi.
>
> I have WZR-HP-G300NH (running DD-WRT), if you don't plan on using wifi
> it would be great. The wifi is really unstable and I couldn't
> recommend this device if you're a heavy wifi user, but the wired
> portion works great, the device itself is by far the fastest I've ever
> owned, and it has a USB port so you can attach external storage in
> case you want to use it as a server, too.
>
> If your wifi users are limited to web browsing/email it would probably
> be okay for that, but if you do anything with persistent open
> connections (ssh, gaming, streaming movies) then you'll quickly pull
> your hair out in frustration at the constant wifi stalls and
> disconnects.
>
> The good news about the bad wifi is that the constant negative reviews
> and dissatisfied customers have forced the price down really low, I
> got mine for about $50. :)
>
I have this device and am using Firmware: DD-WRT v24-sp2 (08/07/10) std
- it's been totally stable since I dumped the buffalo firmware. My son
plays windoze online games and I often move large files around as well
as stream mythtv across it - no problems at all. Until I started
powering the systems down at night (power charges went up :) it would
stay up for over a month at a time and it was never a crash as to why it
was restarted - usually power, or reconfiguration.
BillK
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 15:56 UTC (permalink / raw
To: gentoo-user
Mick <michaelkintzios@gmail.com> writes:
> On Tuesday 19 April 2011 04:31:38 Harry Putnam wrote:
>
>> So, cutting to the chase; can anyone recommend from actual use, a home
>> lan router that has gigabit lan ports and very configurable/
>> informative logging options?
>
> Have you gone through the documentation to see if there isn't a more verbose
> option for the logs?
Yes
> Do you get the same condensed format when you capture the logs in your LAN
> syslog server?
I did not try that, but is there some reason to expect a difference?
I have channeled logs to Syslog running on gentoo with at least 2
different routers in the past and saw no difference in the logs.
Do you notice a difference?
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 16:16 UTC (permalink / raw
To: gentoo-user
Joost Roeleveld <joost@antarean.org> writes:
Harry wrote:
>> So, cutting to the chase; can anyone recommend from actual use, a home
>> lan router that has gigabit lan ports and very configurable/
>> informative logging options?
Joost replied:
> Not familiar with specific types, but I've had best results with the routers
> from Zyxel. The one I used to use (ADSL) would provide a lot of information
> via SNMP and other logging-options.
> Also, this one had no problem with multiple (1000+) simultaneous connections.
> Which is something other brands suffer from regularly.
They appear to have only 2 wired routers: P-335Plus and P-334
And only 1 or 2 wireless with gigabit. The top of the line NBG-460N
looks promising but hard to find a price on... I found it listed as
low as $128, so may be a good choice.
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 16:23 UTC (permalink / raw
To: gentoo-user
Peter Humphrey <peter@humphrey.ukfsn.org> writes:
> On Tuesday 19 April 2011 04:31:38 Harry Putnam wrote:
>
>> I'm not interested in running an old linux or openbsd, machine as router.
>> Having a silent cool router the size and weight of a medium book is too
>> appealing.
>
> I'm gazing at an Atom box sitting on my window-sill that would be ideal. It's
> silent and it has gigabit LAN connections. It's 8" square by 1 3/8". Have a look
> at www.aleutia.com.
Nice, only you can't get a price there for love nor money. Clicking
on any of the `products' and then the Buy now link doesn't ever show
any price but `0'. Maybe I should order a dozen or so...
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 18:15 UTC (permalink / raw
To: gentoo-user
Stroller <stroller@stellar.eclipse.co.uk> writes:
> Consider OpenWRT. You can run it on something like the Netgear
> WNR2000, the Buffalo WZR-HP-G300NH, or something even cheaper if you
> don't need wifi.
I don't need wifi, but of course OpenWRT won't run on the cisco
But that WZR-HP-G300NH is looking promising.
Paul Hartman <paul.hartman+gentoo@gmail.com> writes:
[...]
> I have WZR-HP-G300NH (running DD-WRT), if you don't plan on using wifi
> it would be great. The wifi is really unstable and I couldn't
> recommend this device if you're a heavy wifi user, but the wired
> portion works great, the device itself is by far the fastest I've ever
> owned, and it has a USB port so you can attach external storage in
> case you want to use it as a server, too.
Can you make any comment about the logging capabilities?
"W.Kenworthy" <billk@iinet.net.au> writes:
[...]
> I have this device and am using Firmware: DD-WRT v24-sp2 (08/07/10) std
> - it's been totally stable since I dumped the buffalo firmware. My son
> plays windoze online games and I often move large files around as well
> as stream mythtv across it - no problems at all. Until I started
> powering the systems down at night (power charges went up :) it would
> stay up for over a month at a time and it was never a crash as to why it
> was restarted - usually power, or reconfiguration.
Maybe you can make some comment about logging capabilities? Maybe one
or both of you might be willing to post a log sample?
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Todd Goodman @ 2011-04-20 18:15 UTC (permalink / raw
To: gentoo-user
* Harry Putnam <reader@newsguy.com> [110420 13:51]:
> Stroller <stroller@stellar.eclipse.co.uk> writes:
>
> > Consider OpenWRT. You can run it on something like the Netgear
> > WNR2000, the Buffalo WZR-HP-G300NH, or something even cheaper if you
> > don't need wifi.
>
> I don't need wifi, but of course OpenWRT won't run on the cisco
> But that WZR-HP-G300NH is looking promising.
I've just purchased one and it arrived today and I installed DD-WRT and
then upgraded to OpenWRT. It's working well but obviously I've only
just started working with it.
>
> Paul Hartman <paul.hartman+gentoo@gmail.com> writes:
>
> [...]
>
> > I have WZR-HP-G300NH (running DD-WRT), if you don't plan on using wifi
> > it would be great. The wifi is really unstable and I couldn't
> > recommend this device if you're a heavy wifi user, but the wired
> > portion works great, the device itself is by far the fastest I've ever
> > owned, and it has a USB port so you can attach external storage in
> > case you want to use it as a server, too.
>
> Can you make any comment about the logging capabilities?
OpenWRT is running the BusyBox syslogd by default. I doubt it would take
much to build a syslog-ng (or whatever other logger you prefer) if there
isn't already a package for it.
Oh, I see that there already are syslog-ng (1.6.12-2) and syslog-ng3
(3.0.5-1) packages
You have iptables support so you can do pretty much anything you like
with regards to logging.
Todd
>
> "W.Kenworthy" <billk@iinet.net.au> writes:
>
> [...]
>
> > I have this device and am using Firmware: DD-WRT v24-sp2 (08/07/10) std
> > - it's been totally stable since I dumped the buffalo firmware. My son
> > plays windoze online games and I often move large files around as well
> > as stream mythtv across it - no problems at all. Until I started
> > powering the systems down at night (power charges went up :) it would
> > stay up for over a month at a time and it was never a crash as to why it
> > was restarted - usually power, or reconfiguration.
>
> Maybe you can make some comment about logging capabilities? Maybe one
> or both of you might be willing to post a log sample?
>
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Paul Hartman @ 2011-04-20 18:48 UTC (permalink / raw
To: gentoo-user
On Wed, Apr 20, 2011 at 1:15 PM, Harry Putnam <reader@newsguy.com> wrote:
> Maybe you can make some comment about logging capabilities? Maybe one
> or both of you might be willing to post a log sample?
Ultimately it's just a linux box, you can run syslogd and log
kernel/firewall/etc to a local or remote syslog. Since the device
itself has no built-in storage, logging is disabled by default (in
DD-WRT anyway). I've never enabled the logging, but I'll do it right
now to see how it looks.
In DD-WRT, you can enable syslogd (either to write local to
/var/log/messages or to a remote machine), and then in the firewall
section you can set the logging level (low/medium/high) and choose
whether to log dropped/accepted/rejected.
I just enabled high logging with everything enabled, and I get a flood
of this kind of message in /var/log/messages:
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
PROTO=UDP SPT=67 DPT=68 LEN=345
So it looks like ordinary linux firewall logging... I'm sure you can
customize it if you want to, just as you would on a normal machine.
Hope that helps :)
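
Added example (not part of the message above or of any post in this thread): a parser that normalizes the three log formats quoted in the thread (the RVS4000, the FVS318, and the netfilter lines from DD-WRT) into one record, which makes explicit which formats carry port numbers. The format labels and function names are chosen for this example, and the regular expressions are assumptions built only from the lines quoted here.

```python
import re
from collections import Counter

# Log lines quoted in this thread, with the mail line-wrapping undone.
SAMPLES = [
    "Mar 10 10:24:21 - [Firewall Log-PORT SCAN] TCP Packet - "
    "60.173.11.56 --> 98.217.231.32",
    "Sat, 2007-07-28 12:00:11 - TCP packet - Source: 161.170.244.20 - "
    "Destination: 70.131.83.195 - [Invalid sequence number received with "
    "Reset, dropping packet Src 443 Dst 1385 from WAN]",
    "Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1 "
    "OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 "
    "DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279 "
    "PROTO=UDP SPT=67 DPT=68 LEN=305",
]

# Labels "rvs4000", "fvs318" and "netfilter" are names made up for this example.
CISCO = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) - \[Firewall Log-(?P<event>[^\]]+)\] "
    r"(?P<proto>\w+) Packet - (?P<src>[\d.]+) --> (?P<dst>[\d.]+)$")
NETGEAR = re.compile(
    r"^\w{3}, (?P<ts>[\d-]{10} [\d:]{8}) - (?P<proto>\w+) packet - "
    r"Source: (?P<src>[\d.]+) - Destination: (?P<dst>[\d.]+) - "
    r"\[(?P<event>.*?) Src (?P<spt>\d+) Dst (?P<dpt>\d+) from \w+\]$")
NETFILTER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?:kern\.\w+ )?kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<rest>.*)$")
KEY_VALUE = re.compile(r"(\w+)=(\S*)")


def _record(fmt, ts, event, proto, src, dst, spt=None, dpt=None):
    """Common shape for all formats; ports are None when the log has none."""
    return {
        "format": fmt, "ts": ts, "event": event.strip(),
        "proto": proto.upper(), "src": src, "dst": dst,
        "spt": int(spt) if spt else None,
        "dpt": int(dpt) if dpt else None,
    }


def parse(line):
    """Return a normalized record, or None if the line matches no format."""
    line = " ".join(line.split())  # undo wrapping, collapse whitespace
    m = CISCO.match(line)
    if m:  # this format never reports ports, so spt/dpt stay None
        return _record("rvs4000", m["ts"], m["event"], m["proto"],
                       m["src"], m["dst"])
    m = NETGEAR.match(line)
    if m:
        return _record("fvs318", m["ts"], m["event"], m["proto"],
                       m["src"], m["dst"], m["spt"], m["dpt"])
    m = NETFILTER.match(line)
    if m:
        # Everything before IN= is the rule's log prefix ("DROP" above).
        prefix, sep, fields = m["rest"].partition("IN=")
        kv = {}
        for key, value in KEY_VALUE.findall(sep + fields):
            kv.setdefault(key, value)  # LEN and ID can repeat; keep the first
        if not {"SRC", "DST", "PROTO"} <= kv.keys():
            return None
        # ICMP and other port-less protocols have no SPT/DPT fields.
        return _record("netfilter", m["ts"], prefix, kv["PROTO"],
                       kv["SRC"], kv["DST"], kv.get("SPT"), kv.get("DPT"))
    return None


def port_coverage(lines):
    """Per format: (records with a destination port, records parsed)."""
    seen, with_port = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        seen[rec["format"]] += 1
        with_port[rec["format"]] += rec["dpt"] is not None
    return {fmt: (with_port[fmt], seen[fmt]) for fmt in seen}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse(sample))
    print(port_coverage(SAMPLES))
```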
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Dale @ 2011-04-20 18:49 UTC (permalink / raw
To: gentoo-user
Harry Putnam wrote:
> Peter Humphrey<peter@humphrey.ukfsn.org> writes:
>
>
>> On Tuesday 19 April 2011 04:31:38 Harry Putnam wrote:
>>
>>
>>> I'm not interested in running an old linux or openbsd, machine as router.
>>> Having a silent cool router the size and weight of a medium book is too
>>> appealing.
>>>
>> I'm gazing at an Atom box sitting on my window-sill that would be ideal. It's
>> silent and it has gigabit LAN connections. It's 8" square by 1 3/8". Have a look
>> at www.aleutia.com.
>>
> Nice, only you can't get a price there for love nor money. Clicking
> on any of the `products' and then the Buy now link doesn't ever show
> any price but `0'. Maybe I should order a dozen or so...
>
>
This may give you an idea. I got this off their site, after selecting a
configuration for one:
*Product*                                                   *Quantity*   *Price*   *Amount*
T1 Fanless PC with 2GB RAM                                                199.00     199.00
250GB Western Digital Hard Drive (5400RPM, 8MB Cache)                      45.00      45.00
3) Select WLAN                                                              0.00       0.00
No Serial Ports                                                             0.00       0.00
No Operating System                                                         0.00       0.00
Standard build & test ships 6 days after order is placed                    0.00       0.00
1 Year Standard Return to Base Warranty - Free                              0.00       0.00
------------------------------------------------------------------------------------------
*All prices are in British Pounds*                                    *Subtotal*     244.00
                                                                      *Delivery*       0.00
------------------------------------------------------------------------------------------
*TOTAL*                                                                              244.00
I guess one could use Froogle if you can't buy it across the pond.
Cheap little thing tho. o_O
Dale
:-) :-)
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 18:50 UTC (permalink / raw
To: gentoo-user
"W.Kenworthy" <billk@iinet.net.au> writes:
> I have this device and am using Firmware: DD-WRT v24-sp2 (08/07/10) std
> - it's been totally stable since I dumped the buffalo firmware. My son
> plays windoze online games and I often move large files around as well
> as stream mythtv across it - no problems at all. Until I started
> powering the systems down at night (power charges went up :) it would
> stay up for over a month at a time and it was never a crash as to why it
> was restarted - usually power, or reconfiguration.
Sorry to bug you again after already asking about logs, but I'm having
trouble really telling much about the system at dd-wrt.com/wiki.
Can you set it up so that logs are mailed rather than sent to syslog?
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 19:01 UTC (permalink / raw
To: gentoo-user
Todd Goodman <tsg@bonedaddy.net> writes:
> OpenWRT is running the BusyBox syslogd by default. I doubt it would take
> much to build a syslog-ng (or whatever other logger you prefer) if there
> isn't already a package for it.
>
> Oh, I see that there already are syslog-ng (1.6.12-2) and syslog-ng3
> (3.0.5-1) packages
>
> You have iptables support so you can do pretty much anything you like
> with regards to logging.
Ahh, thanks.
I just posted again about logging and mentioned I couldn't tell much
about it at the dd-wrt wiki.
However, now I see a lot more info at the dd-wrt wiki than I saw
at first too .... er... I take it all back.
http://www.dd-wrt.com/wiki/index.php/Logging_with_DD-WRT
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 19:14 UTC (permalink / raw
To: gentoo-user
Stroller <stroller@stellar.eclipse.co.uk> writes:
> On 19/4/2011, at 4:31am, Harry Putnam wrote:
>> ...
>> So, cutting to the chase; can anyone recommend from actual use, a home
>> lan router that has gigabit lan ports and very configurable/
>> informative logging options?
>>
>> ps - I'm not interested in running an old linux or openbsd, machine as
>> router. Having a silent cool router the size and weight of a medium
>> book is too appealing.
>
> Consider OpenWRT. You can run it on something like the Netgear
> WNR2000, the Buffalo WZR-HP-G300NH, or something even cheaper if you
> don't need wifi.
All good, except then you have to muck around with iptables. I once
knew a bit about that when it first replaced ipchains in linux
distros... that's been yrs ago, and I've completely forgotten whatever
I may have learned back then. I ended up switching to PF filter on
OpenBSD for firewall/router... and have now forgotten all about that too.
Are you using openWRT on a router yourself?
If so, is there a basic iptables script rigged up for numbskulls to be
able to add and subtract from it readily?
I actually wrote such a thing for myself way back when. (The part for
numbskulls, not iptables) but would not look forward to trying to
remaster what ever I need to know about iptables to use openWRT.
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
From: Harry Putnam @ 2011-04-20 19:28 UTC (permalink / raw
To: gentoo-user
Paul Hartman <paul.hartman+gentoo@gmail.com> writes:
> Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
> OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
> PROTO=UDP SPT=67 DPT=68 LEN=305
> Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
> OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
> PROTO=UDP SPT=67 DPT=68 LEN=305
> Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
> OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
> DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
> PROTO=UDP SPT=67 DPT=68 LEN=345
>
> So it looks like ordinary linux firewall logging... I'm sure you can
> customize it if you want to, just as you would on a normal machine.
>
> Hope that helps :)
Yes, thanks for taking the trouble... When I asked that, I hadn't
realized that both dd-wrt and openWRT were actually tiny linux OS.
I've been reading more about them since.
It sounds from your report that dd-wrt has some kind of basic firewall
script in place by default.
Whereas openWRT sounds like you may need to roll your own iptables
script right off the bat, at least judging from a few posts I've now
read from their mailing list where people seem to be asking the kinds
of iptables questions you might find on that list.
^ permalink raw reply [flat|nested] 48+ messages in thread
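Added example (not part of the original thread): a parser for the netfilter LOG lines quoted in the message above, pulling out the fields this thread is about (protocol, source port, destination port) and grouping the drops by flow. SAMPLE_LOG is the three quoted entries with the mail wrapping undone; CONSTRUCTED_EXTRA, the function names and the "L4_" key prefix are made up for this illustration.

```python
import re
from collections import Counter

# The three DROP entries quoted in the thread, unwrapped to one line each.
SAMPLE_LOG = """\
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279 PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287 PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29 DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300 PROTO=UDP SPT=67 DPT=68 LEN=345
"""

# Constructed lines (not from the thread): a TCP SYN with bare flag words,
# and a syslog line that is not firewall output at all.
CONSTRUCTED_EXTRA = """\
Apr 20 14:41:11 ddwrt kern.warn kernel: [2814958.900000] DROP IN=eth1 OUT= MAC=00:11:22:33:44:55:00:1b:54:c9:4b:d9:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 20 14:41:12 ddwrt daemon.info dnsmasq[412]: constructed non-firewall line
"""

# syslog header, optional kernel uptime stamp, then the rule's log prefix,
# which ends where the first KEY=value field (always IN=) begins.
HEAD_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+.*?kernel:\s+"
    r"(?:\[\s*[\d.]+\]\s+)?(?P<prefix>.*?)\s*\bIN="
)

KNOWN_FLOWS = {("UDP", 67, 68): "DHCP server-to-client reply"}
KNOWN_DPT = {("TCP", 22): "ssh", ("TCP", 23): "telnet"}


def parse_line(line):
    """Return a dict of fields for one netfilter LOG line, or None."""
    m = HEAD_RE.search(line)
    if m is None:
        return None
    rec = {"when": m.group("when"), "host": m.group("host"),
           "prefix": m.group("prefix"), "flags": []}
    for token in line[m.end() - 3:].split():      # restart at "IN="
        key, sep, value = token.partition("=")
        if not sep:
            rec["flags"].append(token)            # bare words: DF, SYN, ACK
        elif key in rec:
            rec["L4_" + key] = value              # 2nd LEN= is the UDP length
        else:
            rec[key] = value                      # OUT= keeps its empty value
    for port in ("SPT", "DPT"):                   # absent for ICMP
        if port in rec:
            rec[port] = int(rec[port])
    return rec


def summarize(text):
    """Count log entries per (prefix, iface, proto, src, spt, dst, dpt)."""
    flows = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            flows[(rec["prefix"], rec.get("IN"), rec.get("PROTO"),
                   rec.get("SRC"), rec.get("SPT"),
                   rec.get("DST"), rec.get("DPT"))] += 1
    return flows


def describe(flow, count):
    """One report line per flow, annotated when the ports are recognised."""
    prefix, iface, proto, src, spt, dst, dpt = flow
    note = KNOWN_FLOWS.get((proto, spt, dpt)) or KNOWN_DPT.get((proto, dpt))
    left = src if spt is None else f"{src}:{spt}"
    right = dst if dpt is None else f"{dst}:{dpt}"
    text = f"{count}x {prefix} IN={iface} {proto} {left} -> {right}"
    return f"{text} ({note})" if note else text


if __name__ == "__main__":
    for flow, count in summarize(SAMPLE_LOG + CONSTRUCTED_EXTRA).most_common():
        print(describe(flow, count))
```

With the ports visible, the three quoted drops turn out to be DHCP server broadcasts arriving on the WAN interface, which is the kind of triage a log without port numbers does not allow.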
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 18:49 ` Dale
@ 2011-04-20 19:38 ` Harry Putnam
2011-04-20 19:50 ` Dale
0 siblings, 1 reply; 48+ messages in thread
From: Harry Putnam @ 2011-04-20 19:38 UTC (permalink / raw
To: gentoo-user
Dale <rdalek1967@gmail.com> writes:
[...]
> I guess one could use Froogle if you can't buy it across the pond.
> Cheap little thing tho. o_O
>
What is the cpu?
I couldn't tell if you were joking about cheap... ... so is the final
price about $400 US?
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 19:38 ` Harry Putnam
@ 2011-04-20 19:50 ` Dale
2011-04-20 22:36 ` Peter Humphrey
2011-04-20 22:36 ` Harry Putnam
0 siblings, 2 replies; 48+ messages in thread
From: Dale @ 2011-04-20 19:50 UTC (permalink / raw
To: gentoo-user
Harry Putnam wrote:
> Dale<rdalek1967@gmail.com> writes:
>
> [...]
>
>
>> I guess one could use Froogle if you can't buy it across the pond.
>> Cheap little thing tho. o_O
>>
>>
> What is the cpu?
>
Intel Atom 1.6GHz CPU
> I couldn't tell if you were joking about cheap... ... so is the final
> price about $400 US?
>
>
>
I don't really know. I would assume as I had it configured, that was
the price. That would sort of be bare bones but for a router, you most
likely don't need anything fancy, unless you are routing some serious
traffic.
I just picked the one I thought was small and cute. lol
Dale
:-) :-)
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 19:28 ` Harry Putnam
@ 2011-04-20 20:11 ` Paul Hartman
2011-04-20 22:41 ` Harry Putnam
2011-04-21 12:22 ` Todd Goodman
1 sibling, 1 reply; 48+ messages in thread
From: Paul Hartman @ 2011-04-20 20:11 UTC (permalink / raw
To: gentoo-user
On Wed, Apr 20, 2011 at 2:28 PM, Harry Putnam <reader@newsguy.com> wrote:
>
> Whereas openWRT sounds like you may need to roll your own iptables
> script right off the bat, at least judging from a few posts I've now
> read from their mailing list where people seem to be asking the kinds
> of iptables questions you might find on that list.
Right, OpenWRT is more of a "do-it-yourself" distro, with a package
manager, you install what you want to use and configure it yourself.
DD-WRT is more of the "ubuntu-style" router OS, it comes with a bunch
of services pre-installed and pre-configured, with a pretty GUI, and
you only have to enable or disable them and the defaults are set up
for your hardware already.
Under the surface, both are very similar, in fact I read that new
versions of DD-WRT are going to be developed on top of OpenWRT. Both
can be configured via telnet/ssh or via a web GUI.
I think that if someone can handle Gentoo, they can definitely handle
OpenWRT. I have 3 Buffalo routers (all different models) and I'm using
DD-WRT on 2 of them and OpenWRT on the other, though I'm not doing
anything particularly complicated on any of them.
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 19:50 ` Dale
@ 2011-04-20 22:36 ` Peter Humphrey
2011-04-20 22:36 ` Harry Putnam
1 sibling, 0 replies; 48+ messages in thread
From: Peter Humphrey @ 2011-04-20 22:36 UTC (permalink / raw
To: gentoo-user
On Wednesday 20 April 2011 20:50:51 Dale wrote:
> Harry Putnam wrote:
> > What is the cpu?
>
> Intel Atom 1.6GHz CPU
N270.
> > I couldn't tell if you were joking about cheap... ... so is the final
> > price about $400 US?
>
> I don't really know. I would assume as I had it configured, that was
> the price. That would sort of be bare bones but for a router, you most
> likely don't need anything fancy, unless you are routing some serious
> traffic.
That's just about identical to the one I have. For a router you'd need to choose
a different model with more Ethernet ports.
> I just picked the one I thought was small and cute. lol
Oh, it is. Lovely.
Now all I need to do is to find out what's causing the disk to spin up every few
seconds. I suspect smartd.
--
Rgds
Peter
^ permalink raw reply [flat|nested] 48+ messages in thread
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 19:50 ` Dale
2011-04-20 22:36 ` Peter Humphrey
@ 2011-04-20 22:36 ` Harry Putnam
2011-04-20 23:35 ` Dale
1 sibling, 1 reply; 48+ messages in thread
From: Harry Putnam @ 2011-04-20 22:36 UTC (permalink / raw
To: gentoo-user
Dale <rdalek1967@gmail.com> writes:
> Harry Putnam wrote:
>> Dale<rdalek1967@gmail.com> writes:
>>
>> [...]
>>
>>
>>> I guess one could use Froogle if you can't buy it across the pond.
>>> Cheap little thing tho. o_O
>>>
>>>
>> What is the cpu?
>>
>
> Intel Atom 1.6GHz CPU
>
>> I couldn't tell if you were joking about cheap... ... so is the final
>> price about $400 US?
> I don't really know. I would assume as I had it configured, that was
> the price. That would sort of be bare bones but for a router, you
> most likely don't need anything fancy, unless you are routing some
> serious traffic.
>
> I just picked the one I thought was small and cute. lol
Your previous post showed this as total.
*All prices are in British Pounds* *Subtotal* 244.00
*Delivery* 0.00
------------------------------------------------------------------------
*TOTAL* 244.00
244 British pounds is just a hair under $400
So do you think $400 is pretty cheap for a home lan router?
^ permalink raw reply [flat|nested] 48+ messages in thread
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 20:11 ` Paul Hartman
@ 2011-04-20 22:41 ` Harry Putnam
0 siblings, 0 replies; 48+ messages in thread
From: Harry Putnam @ 2011-04-20 22:41 UTC (permalink / raw
To: gentoo-user
Paul Hartman <paul.hartman+gentoo@gmail.com> writes:
> On Wed, Apr 20, 2011 at 2:28 PM, Harry Putnam <reader@newsguy.com> wrote:
>>
>> Whereas openWRT sounds like you may need to roll your own iptables
>> script right off the bat, at least judging from a few posts I've now
>> read from their mailing list where people seem to be asking the kinds
>> of iptables questions you might find on that list.
>
> Right, OpenWRT is more of a "do-it-yourself" distro, with a package
> manager, you install what you want to use and configure it yourself.
> DD-WRT is more of the "ubuntu-style" router OS, it comes with a bunch
> of services pre-installed and pre-configured, with a pretty GUI, and
> you only have to enable or disable them and the defaults are set up
> for your hardware already.
>
> Under the surface, both are very similar, in fact I read that new
> versions of DD-WRT are going to be developed on top of OpenWRT. Both
> can be configured via telnet/ssh or via a web GUI.
>
> I think that if someone can handle Gentoo, they can definitely handle
> OpenWRT.
What I see as somewhat difficult is learning enough iptables to be
competent with it.
As I recall from yrs ago it is not that easy to keep from shooting
yourself in the foot and ending up hacked or such with iptables.
> . . . . . I have 3 Buffalo routers (all different models) and I'm using
> DD-WRT on 2 of them and OpenWRT on the other, though I'm not doing
> anything particularly complicated on any of them.
What I have to do is probably a lot simpler than what you are doing
with any of them. Just a home lan router/firewall. But if I had to
learn iptables, that throws `simple' right out the door.
Are you running iptables on any of them?
Does the one using openWRT have a basic firewall in place and some
wrapper around iptables to make the creation of rules a bit easier?
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 22:36 ` Harry Putnam
@ 2011-04-20 23:35 ` Dale
2011-04-21 5:37 ` Pandu Poluan
0 siblings, 1 reply; 48+ messages in thread
From: Dale @ 2011-04-20 23:35 UTC (permalink / raw
To: gentoo-user
Harry Putnam wrote:
> Dale<rdalek1967@gmail.com> writes:
>
>
>> Harry Putnam wrote:
>>
>>> Dale<rdalek1967@gmail.com> writes:
>>>
>>> [...]
>>>
>>>
>>>
>>>> I guess one could use Froogle if you can't buy it across the pond.
>>>> Cheap little thing tho. o_O
>>>>
>>>>
>>>>
>>> What is the cpu?
>>>
>>>
>> Intel Atom 1.6GHz CPU
>>
>>
>>> I couldn't tell if you were joking about cheap... ... so is the final
>>> price about $400 US?
>>>
>
>> I don't really know. I would assume as I had it configured, that was
>> the price. That would sort of be bare bones but for a router, you
>> most likely don't need anything fancy, unless you are routing some
>> serious traffic.
>>
>> I just picked the one I thought was small and cute. lol
>>
> Your previous post showed this as total.
>
> *All prices are in British Pounds* *Subtotal* 244.00
> *Delivery* 0.00
> ------------------------------------------------------------------------
> *TOTAL* 244.00
>
> 244 British pounds is just a hair under $400
>
> So do you think $400 is pretty cheap for a home lan router?
>
>
Well, I have no idea what the conversion from British Pounds to US
dollars would be. I assume you are correct. I was thinking it was the
other way around tho. That said, since he wants something more than a
LinkSys router, it's going to cost something. Me, I got me a $10.00
refurbed LinkSys and called it a day. Thing is, I don't need anything
fast or expensive. I did want something that was cheap on power tho.
Trying to cut back a bit on the old watt meter. I already got two
freezers running here. One could build a bare bones rig and just use
that. I'm not sure it would be much cheaper tho. May use more power
from the wall too. That is why I picked the fanless version. I figured
if it needed no fans, it can't pull too much power. It also seemed to
have lots of CPU speed for a router.
$400.00 for a router . . . that better be one HECK of a router. Maybe
wash dishes or something too. o_O
Dale
:-) :-)
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 23:35 ` Dale
@ 2011-04-21 5:37 ` Pandu Poluan
0 siblings, 0 replies; 48+ messages in thread
From: Pandu Poluan @ 2011-04-21 5:37 UTC (permalink / raw
To: gentoo-user
On Thu, Apr 21, 2011 at 06:35, Dale <rdalek1967@gmail.com> wrote:
> Harry Putnam wrote:
>>
>> Dale<rdalek1967@gmail.com> writes:
>>
>> Your previous post showed this as total.
>>
>> *All prices are in British Pounds* *Subtotal* 244.00
>> *Delivery* 0.00
>> ------------------------------------------------------------------------
>> *TOTAL* 244.00
>>
>> 244 British pounds is just a hair under $400
>>
>> So do you think $400 is pretty cheap for a home lan router?
>>
>>
>
> Well, I have no idea what the conversion from British Pounds to US dollars
> would be. I assume you are correct. I was thinking it was the other way
> around tho. That said, since he wants something more than a LinkSys router,
> it's going to cost something. Me, I got me a $10.00 refurbed LinkSys and
> called it a day. Thing is, I don't need anything fast or expensive. I did
> want something that was cheap on power tho. Trying to cut back a bit on the
> old watt meter. I already got two freezers running here. One could build a
> bare bones rig and just use that. I'm not sure it would be much cheaper
> tho. May use more power from the wall too. That is why I picked the
> fanless version. I figured if it needed no fans, it can't pull too much
> power. It also seemed to have lots of CPU speed for a router.
>
> $400.00 for a router . . . that better be one HECK of a router. Maybe wash
> dishes or something too. o_O
>
> Dale
>
> :-) :-)
>
>
Meh. With $400, you can buy 5 (five!) of those Mikrotik RB750G @ $70
http://routerboard.com/index.php?showProduct=90
(Excl. S&H, of course)
Rgds,
--
Pandu E Poluan
~ IT Optimizer ~
Visit my Blog: http://pepoluan.posterous.com
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 15:56 ` [gentoo-user] " Harry Putnam
@ 2011-04-21 5:55 ` Mick
2011-04-21 5:58 ` Mick
0 siblings, 1 reply; 48+ messages in thread
From: Mick @ 2011-04-21 5:55 UTC (permalink / raw
To: gentoo-user
On Wednesday 20 April 2011 16:56:15 Harry Putnam wrote:
> Mick <michaelkintzios@gmail.com> writes:
> > Do you get the same condensed format when you capture the logs in your
> > LAN syslog server?
>
> I did not try that, but is there some reason to expect a difference?
No, it shouldn't - after all it is the same log file that you are accessing,
but wasn't sure if the gui condensed what's reported to fit it in the screen.
> I have channeled logs to Syslog running on gentoo with at least 2
> different routers in the past and saw no difference in the logs.
>
> Do you notice a difference?
I do not have a Cisco router to try it just now, but could you have a look at
how your access lists are defined? Extended ACLs *should* show ports, as long
as ports are used in permit/deny statements and asked to be logged; e.g.
access-list 102 permit tcp host 10.10.10.2 eq 0 any eq 0 log
of course IOS versions may change things, but that's how I remember it worked.
--
Regards,
Mick
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-21 5:55 ` Mick
@ 2011-04-21 5:58 ` Mick
2011-04-22 19:28 ` Harry Putnam
0 siblings, 1 reply; 48+ messages in thread
From: Mick @ 2011-04-21 5:58 UTC (permalink / raw
To: gentoo-user
On Thursday 21 April 2011 06:55:41 Mick wrote:
> On Wednesday 20 April 2011 16:56:15 Harry Putnam wrote:
> > Mick <michaelkintzios@gmail.com> writes:
> > > Do you get the same condensed format when you capture the logs in your
> > > LAN syslog server?
> >
> > I did not try that, but is there some reason to expect a difference?
>
> No, it shouldn't - after all it is the same log file that you are
> accessing, but wasn't sure if the gui condensed what's reported to fit it
> in the screen.
>
> > I have channeled logs to Syslog running on gentoo with at least 2
> > different routers in the past and saw no difference in the logs.
> >
> > Do you notice a difference?
>
> I do not have a Cisco router to try it just now, but could you have a look
> at how your access lists are defined? Extended ACLs *should* show ports,
> as long as ports are used in permit/deny statements and asked to be
> logged; e.g.
>
> access-list 102 permit tcp host 10.10.10.2 eq 0 any eq 0 log
>
> of course IOS versions may change things, but that's how I remember it
> worked.
Ah! Here's what I found:
http://blog.ioshints.info/2007/06/port-number-not-shown-in-access-list.html
--
Regards,
Mick
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 19:28 ` Harry Putnam
2011-04-20 20:11 ` Paul Hartman
@ 2011-04-21 12:22 ` Todd Goodman
2011-04-22 20:25 ` Harry Putnam
1 sibling, 1 reply; 48+ messages in thread
From: Todd Goodman @ 2011-04-21 12:22 UTC (permalink / raw
To: gentoo-user
* Harry Putnam <reader@newsguy.com> [110420 15:03]:
> Paul Hartman <paul.hartman+gentoo@gmail.com> writes:
>
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
> > PROTO=UDP SPT=67 DPT=68 LEN=305
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
> > PROTO=UDP SPT=67 DPT=68 LEN=305
> > Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
> > DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
> > PROTO=UDP SPT=67 DPT=68 LEN=345
> >
> > So it looks like ordinary linux firewall logging... I'm sure you can
> > customize it if you want to, just as you would on a normal machine.
> >
> > Hope that helps :)
>
> Yes, thanks for taking the trouble... When I asked that, I hadn't
> realized that both dd-wrt and openWRT were actually tiny linux OS.
>
> I've been reading more about them since.
>
> It sounds from your report that dd-wrt has some kind of basic firewall
> script in place by default.
>
> Whereas openWRT sounds like you may need to roll your own iptables
> script right off the bat, at least judging from a few posts I've now
> read from their mailing list where people seem to be asking the kinds
> of iptables questions you might find on that list.
>
There is a basic firewall in place with OpenWRT (enabled by default.)
There is a web GUI for OpenWRT (as well as with DD-WRT.)
The web GUI supports the usual config pages as with other similar home
routers.
There's a status page showing the iptables chains with the packet
counts for each rule (the most complicated page to view I'd say.)
There's config pages for overall firewall config with default policies
and other things such as zone config. There's a "traffic control" page
which lets you define your filter rules and a "Traffic Redirection" page
which allows you to set up your port forwarding (DNAT.)
It's quite easy to configure and doesn't require iptables knowledge.
Though I like very much that the option is there if I want to take
advantage of it.
I've used LEAF for a long time (a small Linux Embedded Firewall
Appliance) and it's great but DD-WRT and OpenWRT have nice GUIs on top
of them and it was very easy to reflash my Buffalo to DD-WRT and then
upgrade from that to OpenWRT.
^ permalink raw reply [flat|nested] 48+ messages in thread
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-21 5:58 ` Mick
@ 2011-04-22 19:28 ` Harry Putnam
2011-04-22 22:17 ` Mick
0 siblings, 1 reply; 48+ messages in thread
From: Harry Putnam @ 2011-04-22 19:28 UTC (permalink / raw
To: gentoo-user
Mick <michaelkintzios@gmail.com> writes:
[...]
> Ah! Here's what I found:
> http://blog.ioshints.info/2007/06/port-number-not-shown-in-access-list.html
Thanks for doing so much legwork.
On the cisco RVS4000 v2.. I see no way to enter the syntax shown at
the URL or in your previous post.
I've put a few screen shots online that show shots of the interface
pages involving IP acls.
They should load in order where the top is a view of the basic
settings.
Next is the page showing existing acls and how they are displayed.
Finally the page available to add/delete acls.
[NOTE: There may be some way to just edit a text file of acls, but if
so I am not aware of it]
www.jtan.com/~reader/vu3/disp.cgi
^ permalink raw reply [flat|nested] 48+ messages in thread
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-21 12:22 ` Todd Goodman
@ 2011-04-22 20:25 ` Harry Putnam
2011-04-22 22:47 ` Todd Goodman
0 siblings, 1 reply; 48+ messages in thread
From: Harry Putnam @ 2011-04-22 20:25 UTC (permalink / raw
To: gentoo-user
Todd Goodman <tsg@bonedaddy.net> writes:
> There is a basic firewall in place with OpenWRT (enabled by default.)
>
> There is a web GUI for OpenWRT (as well as with DD-WRT.)
>
> The web GUI supports the usual config pages as with other similar home
> routers.
>
> There's a status page showing the iptables chains with the packet
> counts for each rule (the most complicated page to view I'd say.)
>
> There's config pages for overall firewall config with default policies
> and other things such as zone config. There's a "traffic control" page
> which lets you define your filter rules and a "Traffic Redirection" page
> which allows you to set up your port forwarding (DNAT.)
>
> It's quite easy to configure and doesn't require iptables knowledge.
>
> Though I like very much that the option is there if I want to take
> advantage of it.
[...]
I want to thank you for providing such detailed information. It is a
very helpful reply... thanks
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-22 19:28 ` Harry Putnam
@ 2011-04-22 22:17 ` Mick
2011-04-25 17:37 ` Harry Putnam
0 siblings, 1 reply; 48+ messages in thread
From: Mick @ 2011-04-22 22:17 UTC (permalink / raw
To: gentoo-user
On 22 April 2011 20:28, Harry Putnam <reader@newsguy.com> wrote:
> On the cisco RVS4000 v2.. I see no way to enter the syntax shown at
> the URL or in your previous post.
The syntax is meant to be used in the cisco configuration file itself.
Using IOS commands you should be able to set up the same ACLs from a
terminal.
> I've put a few screen shots online that show shots of the interface
> pages involving IP acls.
>
> They should load in order where the top is a view of the basic
> settings.
>
> Next is the page showing existing acls and how they are displayed.
>
> Finally the page available to add/delete acls.
I see what you mean - this GUI seems dumbed down. In this case you
will probably have to get your hands dirty with the CLI.
> [NOTE: There may be some way to just edit a text file of acls, but if
> so I am not aware of it]
On a typical Cisco router you should be able to download/edit/upload
the configuration file from/to the router using tftp and a text
editor, or minicom and a serial cable if the router has a serial port,
or easiest method should be to login via telnet or ssh from your PC
using a terminal and run IOS configuration commands. The Cisco
website has loads of documentation on IOS. Something like this will
show you the ropes (although details vary depending on the version of
your firmware and platform):
http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_4/cf_12_4_book.html
BTW, your first step should be to make a back up of the current
configuration file just in case you mess things up!
HTH.
--
Regards,
Mick
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-22 20:25 ` Harry Putnam
@ 2011-04-22 22:47 ` Todd Goodman
0 siblings, 0 replies; 48+ messages in thread
From: Todd Goodman @ 2011-04-22 22:47 UTC (permalink / raw
To: gentoo-user
* Harry Putnam <reader@newsguy.com> [110422 16:00]:
> Todd Goodman <tsg@bonedaddy.net> writes:
>
> > There is a basic firewall in place with OpenWRT (enabled by default.)
> >
> > There is a web GUI for OpenWRT (as well as with DD-WRT.)
> >
> > The web GUI supports the usual config pages as with other similar home
> > routers.
> >
> > There's a status page showing the iptables chains with the packet
> > counts for each rule (the most complicated page to view I'd say.)
> >
> > There's config pages for overall firewall config with default policies
> > and other things such as zone config. There's a "traffic control" page
> > which lets you define your filter rules and a "Traffic Redirection" page
> > which allows you to set up your port forwarding (DNAT.)
> >
> > It's quite easy to configure and doesn't require iptables knowledge.
> >
> > Though I like very much that the option is there if I want to take
> > advantage of it.
>
> [...]
>
> I want to thank you for providing such detailed information. It is a
> very helpful reply... thanks
>
You're welcome.
BTW, rereading what I wrote above, I didn't mean to imply that DD-WRT
doesn't have a basic firewall in place by default (I don't know if it
does, I'd assume so.)
Also, I've been running lots of traffic through the wireless on that
Buffalo OpenWRT box and haven't experienced any drops (the same traffic
caused a LinkSys and TrendNet box running the commercial firmware to
drop the wireless connections.)
So I'm happy with it at this point.
Todd
^ permalink raw reply [flat|nested] 48+ messages in thread
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-22 22:17 ` Mick
@ 2011-04-25 17:37 ` Harry Putnam
2011-04-25 18:20 ` Paul Hartman
2011-04-25 18:44 ` Mick
0 siblings, 2 replies; 48+ messages in thread
From: Harry Putnam @ 2011-04-25 17:37 UTC (permalink / raw
To: gentoo-user
Mick <michaelkintzios@gmail.com> writes:
> On a typical Cisco router you should be able to download/edit/upload
> the configuration file from/to the router using tftp and a text
> editor, or minicom and a serial cable if the router has a serial
> port,
When I export the config file, it's a binary file, not accessible by
text editor.
I can get a pile of humpty dumpty bunk using `strings' so apparently
not intended for text editing at all.
> or easiest method should be to login via telnet or ssh from your PC
> using a terminal and run IOS configuration commands. The Cisco
> website has loads of documentation on IOS. Something like this will
> show you the ropes (although details vary depending on the version of
> your firmware and platform):
>
> http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_4/cf_12_4_book.html
Thanks for the site. After looking around there a while I'm not
seeing how to gain a terminal to execute any ios commands.
Neither ssh nor telnet are accepted at the router.
Surely it's not really necessary to use a special cable and minicom?
A search of the full manual on `ssh' or tftp for that matter, turns up
no hits.
Even the term `command line' turns up nothing useful in the admin
manual.
If I enable `remote admin' it is clearly intended for browser access
on port 8080, and again no obvious route to any cli opportunities. In
fact it's not clear even how to connect via a browser for remote admin.
After turning remote admin on, and setting a single IP address to be
able to connect... I still cannot access it for remote admin on 8080.
It seems a really poor user's manual or either it expects user to
already have serious knowledge of cisco setups and only require the
most general help.
It appears the intent by cisco is that one should use only the poorly
documented interface for setting up the router.
Of course I can connect using its lan IP and user/passwd, but even
there I see no opportunity to set anything for cmdline access.
Diddling around on Cisco's pages seems a serious time waster.
Entering the Router model continually leads to a manual for a
different (wireless) model.
It's exasperating because I know there is good information there
somewhere but they do not make it easy to find.
The Disc that came with the router contains the Quick start guide and
a chicken pukky Admin guide that is so bland and uninformative as to
rate as nearly useless.
I'm probably jumping the gun, but this RVS4000 is looking more and
more like some pretty sorry junk to me.
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-25 17:37 ` Harry Putnam
@ 2011-04-25 18:20 ` Paul Hartman
2011-04-25 19:04 ` Mick
2011-04-25 18:44 ` Mick
1 sibling, 1 reply; 48+ messages in thread
From: Paul Hartman @ 2011-04-25 18:20 UTC (permalink / raw
To: gentoo-user
On Mon, Apr 25, 2011 at 12:37 PM, Harry Putnam <reader@newsguy.com> wrote:
> Thanks for the site. After looking around there a while I'm not
> seeing how to gain a terminal to execute any ios commands.
>
> Neither ssh nor telnet are accepted at the router.
This page shows how to enable the telnet service via a hidden web config page:
http://rootit.org/2008/06/linksys-rvs4000-p1/
I don't have one, so I haven't tried it myself.
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-25 17:37 ` Harry Putnam
2011-04-25 18:20 ` Paul Hartman
@ 2011-04-25 18:44 ` Mick
2011-04-25 22:23 ` Jake Moe
2011-04-26 22:27 ` Harry Putnam
1 sibling, 2 replies; 48+ messages in thread
From: Mick @ 2011-04-25 18:44 UTC (permalink / raw
To: gentoo-user
On Monday 25 April 2011 18:37:31 Harry Putnam wrote:
> Mick <michaelkintzios@gmail.com> writes:
> > On a typical Cisco router you should be able to download/edit/upload
> > the configuration file from/to the router using tftp and a text
> > editor, or minicom and a serial cable if the router has a serial
> > port,
>
> When I export the config file, it's a binary file, not accessible by
> text editor.
Huh? This is rather strange. It *should* be a plain text file ... o_O
Would it require some expensive Cisco desktop application to be able to
read/edit it off the machine?!
> Thanks for the site. After looking around there a while I'm not
> seeing how to gain a terminal to execute any ios commands.
>
> Neither ssh nor telnet are accepted at the router.
Please try using your browser first to enable telnet:
http://$ROUTER_IP/Hidden_telnet.htm
====================================
WARNING!
I'm not sure if this service will be firewalled on the Internet side of your
network! I've heard stories where access is opened on the public network and
is unprotected. Disconnect your router from the Internet before you try this.
====================================
According to this document there should be a page where you can enable/disable
IP services:
http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Frouters%2Fcsbr%2Frvs4000%2Fadministration%2Fguide%2FRVS4000_AG_OL-22605.pdf&pos=2&strqueryid=2&websessionid=1ZZPcuEr9CUldszOmUrXpJy
Not sure if applicable to your router.
> Surely it's not really necessary to use a special cable and minicom?
I had a look and can't see a serial port on your machine, so minicom will not
be of use in this case.
> A search of the full manual on `ssh' or tftp for that matter, turns up
> no hits.
>
> Even the term `command line' turns up nothing useful in the admin
> manual.
>
> If I enable `remote admin' it is clearly intended for browser access
> on port 8080, and again no obvious route to any cli opportunities. In
> fact it's not clear even how to connect via a browser for remote admin.
>
> After turning remote admin on, and setting a single IP address to be
> able to connect... I still cannot access it for remote admin on 8080.
Did you try this from the Internet, or from within your LAN?
> I'm probably jumping the gun, but this RVS4000 is looking more and
> more like some pretty sorry junk to me.
I can but sympathise with your frustration. They seem to have offered a
dumbed down version of something here which is not readily recognisable as a
Cisco machine. Perhaps all this additional functionality is only available
for their professional grade platforms?
--
Regards,
Mick
^ permalink raw reply [flat|nested] 48+ messages in thread
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-25 18:20 ` Paul Hartman
@ 2011-04-25 19:04 ` Mick
0 siblings, 0 replies; 48+ messages in thread
From: Mick @ 2011-04-25 19:04 UTC (permalink / raw
To: gentoo-user
On Monday 25 April 2011 19:20:55 Paul Hartman wrote:
> On Mon, Apr 25, 2011 at 12:37 PM, Harry Putnam <reader@newsguy.com> wrote:
> > Thanks for the site. After looking around there a while I'm not
> > seeing how to gain a terminal to execute any ios commands.
> >
> > Neither ssh nor telnet is accepted at the router.
>
> This page shows how to enable the telnet service via a hidden web config
> page:
>
> http://rootit.org/2008/06/linksys-rvs4000-p1/
>
> I don't have one, so I haven't tried it myself.
Ah! Good find Paul.
It seems that this router is running Linux, rather than Cisco IOS ...
The trick then is to access the telnet interface and secure it with iptables.
--
Regards,
Mick
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-25 18:44 ` Mick
@ 2011-04-25 22:23 ` Jake Moe
2011-04-26 6:08 ` Mick
2011-04-26 22:27 ` Harry Putnam
1 sibling, 1 reply; 48+ messages in thread
From: Jake Moe @ 2011-04-25 22:23 UTC (permalink / raw
To: gentoo-user
I haven't followed this entire thread, but is there any chance this
isn't really a "Cisco" device as you know it, but a rebranded
"Linksys"? After seeing a picture of the device, and reading that it's
a "Small Business" router, I'd suspect it's a device that came out of
their acquisition of Linksys. That'd explain the different config style
you're seeing.
On 04/26/11 04:44, Mick wrote:
> On Monday 25 April 2011 18:37:31 Harry Putnam wrote:
>> I'm probably jumping the gun, but this RVS4000 is looking more and
>> more like some pretty sorry junk to me.
> I can but sympathise with your frustration. They seem to have offered a
> dumbed down version of something here which is not readily recognisable as a
> Cisco machine. Perhaps all this additional functionality is only available
> for their professional grade platforms
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-25 22:23 ` Jake Moe
@ 2011-04-26 6:08 ` Mick
0 siblings, 0 replies; 48+ messages in thread
From: Mick @ 2011-04-26 6:08 UTC (permalink / raw
To: gentoo-user
On Monday 25 April 2011 23:23:07 Jake Moe wrote:
> I haven't followed this entire thread, but is there any chance this
> isn't really a "Cisco" device as you know it, but a rebranded
> "Linksys"? After seeing a picture of the device, and reading that it's
> a "Small Business" router, I'd suspect it's a device that came out of
> their acquisition of Linksys. That'd explain the different config style
> you're seeing.
Snap!
I was about to say that from what Harry's describing this is more of a cheaper
'cisco appliance' than a cisco router. Linksys is a very probable candidate.
In that case you may be able to blast the firmware and install OpenWRT and the
like. Check the chipset first for hardware compatibility to make sure you
won't brick it!
--
Regards,
Mick
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-25 18:44 ` Mick
2011-04-25 22:23 ` Jake Moe
@ 2011-04-26 22:27 ` Harry Putnam
2011-04-27 6:23 ` Mick
1 sibling, 1 reply; 48+ messages in thread
From: Harry Putnam @ 2011-04-26 22:27 UTC (permalink / raw
To: gentoo-user
Mick <michaelkintzios@gmail.com> writes:
>> After turning remote admin on, and setting a single IP address to be
>> able to connect... I still cannot access it for remote admin on 8080.
>
> Did you try this from the Internet, or from within your LAN?
Inside lan. I guess you are saying that connection is expected to be from
outside?
Haven't had the opportunity for that yet. The only remote machine I
have access to is a shell account on a gentoo machine, so lynx, and
I've seen on home lan that the device responds to lynx telling me I
need a newer browser, when I hit it by IP using lynx.
Jumping up the thread a bit now, after Paul's excellent input. I see
that iptables cmd is known on the OS, but man I really had not wanted
to pound my way thru iptables to the point of competency.
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-26 22:27 ` Harry Putnam
@ 2011-04-27 6:23 ` Mick
2011-04-28 5:31 ` Harry Putnam
0 siblings, 1 reply; 48+ messages in thread
From: Mick @ 2011-04-27 6:23 UTC (permalink / raw
To: gentoo-user
On Tuesday 26 April 2011 23:27:06 Harry Putnam wrote:
> Mick <michaelkintzios@gmail.com> writes:
> >> After turning remote admin on, and setting a single IP address to be
> >> able to connect... I still cannot access it for remote admin on 8080.
> >
> > Did you try this from the Internet, or from within your LAN?
>
> Inside lan. I guess you are saying that connection is expected to be from
> outside?
Well, I don't really know what we're dealing with here. If it were a pure
Cisco machine (as opposed to a Linksys) then it may not have loopback
configured and the "remote" admin would only be accessible from the WAN. It
would truly be remote access.
> Haven't had the opportunity for that yet. The only remote machine I
> have access to is a shell account on a gentoo machine, so lynx, and
> I've seen on home lan that the device responds to lynx telling me I
> need a newer browser, when I hit it by IP using lynx.
>
> Jumping up the thread a bit now, after Paul's excellent input. I see
> that iptables cmd is known on the OS, but man I really had not wanted
> to pound my way thru iptables to the point of competency.
Count yourself lucky. I'd rather have to deal with Linux IP Tables than IOS
any time!
Once you access it via telnet, have a look for any log rules in IP Tables
(/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.
--
Regards,
Mick
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-27 6:23 ` Mick
@ 2011-04-28 5:31 ` Harry Putnam
2011-04-28 14:36 ` Todd Goodman
2011-04-28 16:07 ` Mick
0 siblings, 2 replies; 48+ messages in thread
From: Harry Putnam @ 2011-04-28 5:31 UTC (permalink / raw
To: gentoo-user
Mick <michaelkintzios@gmail.com> writes:
>> Jumping up the thread a bit now, after Paul's excellent input. I see
>> that iptables cmd is known on the OS, but man I really had not wanted
>> to pound my way thru iptables to the point of competency.
>
> Count yourself lucky. I'd rather have to deal with Linux IP Tables than IOS
> any time!
Hehe
> Once you access it via telnet, have a look for any log rules in IP Tables
> (/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.
Yeah I had a look at the lines containing LOG and of course had no
idea of what they meant or how to alter them.
The entire iptables is inlined below... maybe you will know how to alter
them so that ports show up in logs. That is, only if you are still
patient enough to continue.... so far, no one has complained about the
OT thread... but I fear I must be nearing the end of your patient
willingness to continue, if not the list's willingness to allow my OT
thread.
------- --------- ---=--- --------- --------
There are only 4 instances of LOG in the tables. But I wonder if it might
just be an increase in log level that is required.
I wanted to try that out, but was a bit chicken, thinking I'd destroy
whatever setup there is that invokes the iptable rules.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:500
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
INPUT_UDP udp -- 0.0.0.0/0 0.0.0.0/0
INPUT_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ip_filter all -- 0.0.0.0/0 0.0.0.0/0
POLICY icmp -- 0.0.0.0/0 0.0.0.0/0
POLICY udp -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02
POLICY tcp -- 0.0.0.0/0 0.0.0.0/0
TREND_MICRO tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 http me
DMZ_PASS all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 state INVALID
Chain BLOCK (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain DMZ_PASS (1 references)
target prot opt source destination
Chain DOS (6 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: a
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_TCP (1 references)
target prot opt source destination
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_UDP (1 references)
target prot opt source destination
DOS udp -- 0.0.0.0/0 0.0.0.0/0
RETURN udp -- 0.0.0.0/0 0.0.0.0/0
Chain HTTP (0 references)
target prot opt source destination
Chain INPUT_TCP (1 references)
target prot opt source destination
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
ACCEPT tcp -- 0.0.0.0/0 192.168.0.20 tcp dpt:30443
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 23,
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT_UDP (1 references)
target prot opt source destination
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS udp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 68.87.72.13 0.0.0.0/0 udp spt:67 dpt:68
RETURN udp -- 0.0.0.0/0 0.0.0.0/0
Chain POLICY (3 references)
target prot opt source destination
PORT_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain PORT_FORWARD (1 references)
target prot opt source destination
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
FORWARD_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
FORWARD_UDP udp -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain SCAN (2 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain TREND_MICRO (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain ip_filter (1 references)
target prot opt source destination
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-28 5:31 ` Harry Putnam
@ 2011-04-28 14:36 ` Todd Goodman
2011-04-30 4:28 ` Harry Putnam
2011-04-28 16:07 ` Mick
1 sibling, 1 reply; 48+ messages in thread
From: Todd Goodman @ 2011-04-28 14:36 UTC (permalink / raw
To: gentoo-user
* Harry Putnam <reader@newsguy.com> [110428 01:06]:
> Yeah I had a look at the lines containing LOG and of course had no
> idea of what they meant or how to alter them.
>
> The entire iptables is inlined below... maybe you will know how to alter
> them so that ports show up in logs. That is, only if you are still
> patient enough to continue.... so far, no one has complained about the
> OT thread... but I fear I must be nearing the end of your patient
> willingness to continue, if not the list's willingness to allow my OT
> thread.
>
> ------- --------- ---=--- --------- --------
> There are only 4 instances of LOG in the tables. But I wonder if it might
> just be an increase in log level that is required.
I don't think so. That's the syslog level and changing it might change
if you see the logged entries at all (depending on your syslog config.)
>
> I wanted to try that out, but was a bit chicken, thinking I'd destroy
> whatever setup there is that invokes the iptable rules.
You won't really break anything by changing the log levels.
If you're changing things using iptables commands from the shell then
it's unlikely any changes are permanent anyway (everything will go back
to how it was.) To make a permanent change you'll need to figure how
and where the iptables rules are being loaded from when the system comes
up (it might be using iptables-save and iptables-restore or a firewall
script or similar.)
Now I'm not an expert on iptables logging and I'm sure Mick and/or
someone else will respond too.
I think your iptables output is truncated at 80 columns too so some of
the info is missing at the ends of some of the lines.
Also, I apologize but I forget exactly the traffic for which you're
trying to get the port #'s logged?
But let's go through what's there (apologies if you already know what
I mention:)
First, iptables has different tables that it (netfilter in the kernel)
uses for different purposes. The one you're interested in (and which
you dumped and is the default for the iptables command if you don't
specify one) is the filter table.
Other tables that are of interest for other things are the nat table
and, for most people, to a lesser degree the mangle table.
Inside tables there are standard chains of rules and there are
(potentially) user-defined chains.
The path a packet takes in the system determines which tables and chains
are processed.
>
> Chain INPUT (policy DROP)
The filter table INPUT chain is used when a packet is destined for the
box itself (i.e., not sourced on the box and not being forwarded through
the box.)
The policy is to DROP any packets that aren't matched by terminating
rules (e.g., ACCEPT) in the chain.
> target prot opt source destination
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
> ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:500
These ACCEPT rules allow certain traffic destined for the router itself.
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:
Other TCP traffic that's not allowed above is dropped if it's a NEW TCP
connection to the router itself (i.e., not a response to TCP traffic
initiated by the router.)
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
This accepts any traffic that's part of a flow initiated from the
router.
> INPUT_UDP udp -- 0.0.0.0/0 0.0.0.0/0
Go process the user defined INPUT_UDP chain if the packet is a UDP
packet. If that chain reaches the end of its rule list without matching
a terminating rule it will return back here (as with all jumps to other
chains.)
> INPUT_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
Go process the user defined INPUT_TCP chain if the packet is a TCP
packet
> DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
Go process the user defined DOS chain if the packet is an ICMP
packet with icmp type 8
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all traffic that's in state NEW to the router. Presumably if a
packet hasn't been dropped above or in the user defined chains then the
router wants to see that traffic.
>
> Chain FORWARD (policy DROP)
The filter table FORWARD chain is used when a packet is being forwarded
by the system. The default policy is to DROP packets not matched by any
terminating rules in the chain.
> target prot opt source destination
> ip_filter all -- 0.0.0.0/0 0.0.0.0/0
Go process the user defined ip_filter chain for all packets
> POLICY icmp -- 0.0.0.0/0 0.0.0.0/0
Go process the user defined POLICY chain for ICMP packets
> POLICY udp -- 0.0.0.0/0 0.0.0.0/0
Go process the user defined POLICY chain for UDP packets
> TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02
Go process the user defined TCPMSS chain for TCP packets with certain
flags set in the packet
> POLICY tcp -- 0.0.0.0/0 0.0.0.0/0
Go process the user defined POLICY chain for all TCP packets
> TREND_MICRO tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 http me
Go process the user defined TREND_MICRO chain for tcp traffic destined
for TCP port 80 (HTTP)
> DMZ_PASS all -- 0.0.0.0/0 0.0.0.0/0
Go process the user defined DMZ_PASS chain for all traffic
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
ACCEPT any traffic that's already been set up (state RELATED or
ESTABLISHED.)
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT any traffic that's being initiated
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT any traffic
>
> Chain OUTPUT (policy ACCEPT)
The filter table OUTPUT chain is for traffic sourced by the router
itself. The default policy is to ACCEPT any traffic initiated by the
router.
> target prot opt source destination
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
Allow any ICMP packets from the router
> DROP icmp -- 0.0.0.0/0 0.0.0.0/0 state INVALID
Drop any invalid ICMP packets
>
> Chain BLOCK (0 references)
User defined chain BLOCK. It's not used by anyone (0 references) so we
can ignore it
> target prot opt source destination
> LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
> DROP all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain DMZ_PASS (1 references)
> target prot opt source destination
Empty user defined chain DMZ_PASS
>
> Chain DOS (6 references)
User defined DOS chain
> target prot opt source destination
> RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
rate limit TCP packets (return to caller if it's OK)
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
Return to caller if it's a RELATED or ESTABLISHED UDP packet
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
Rate limit UDP packets (return to caller if it's OK)
> RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: a
Rate limit ICMP type 8 packets (return to caller if it's OK)
> LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
Create a log entry
> DROP all -- 0.0.0.0/0 0.0.0.0/0
And then drop the packet
>
> Chain FORWARD_TCP (1 references)
The user defined FORWARD_TCP chain.
> target prot opt source destination
> DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
Call DOS if it's an INVALID or NEW TCP connection
> RETURN tcp -- 0.0.0.0/0 0.0.0.0/0
Return if it's a TCP packet (it's going to return anyway...)
>
> Chain FORWARD_UDP (1 references)
The user defined FORWARD_UDP chain
> target prot opt source destination
> DOS udp -- 0.0.0.0/0 0.0.0.0/0
Call DOS if it's a UDP packet
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0
Return if it's a UDP packet
>
> Chain HTTP (0 references)
User defined HTTP chain. No one is using it so we can ignore it.
> target prot opt source destination
>
> Chain INPUT_TCP (1 references)
User defined INPUT_TCP chain.
> target prot opt source destination
> SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
Call SCAN for any packet that's part of a port scanning attempt (as
defined by the parameters to the psd match.)
> DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
Call DOS for any INVALID or NEW TCP packet
> ACCEPT tcp -- 0.0.0.0/0 192.168.0.20 tcp dpt:30443
ACCEPT any TCP packet destined for port 30443 and change the destination
IP address to 192.168.0.20
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 23,
DROP any TCP traffic matching destination ports 23 and the rest that are
truncated.
> RETURN tcp -- 0.0.0.0/0 0.0.0.0/0
Return if it's a TCP packet
>
> Chain INPUT_UDP (1 references)
The user defined INPUT_UDP chain
> target prot opt source destination
> SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
Call SCAN if it matches the psd match
> DOS udp -- 0.0.0.0/0 0.0.0.0/0
Call DOS if it's a UDP packet
> ACCEPT udp -- 68.87.72.13 0.0.0.0/0 udp spt:67 dpt:68
Accept UDP traffic from host 68.87.72.13 with a source port of 67 and a
destination port of 68
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0
Return if it's a UDP packet
>
> Chain POLICY (3 references)
User defined POLICY chain
> target prot opt source destination
> PORT_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
Call PORT_FORWARD for all packets
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN for all packets
>
> Chain PORT_FORWARD (1 references)
User defined PORT_FORWARD chain
> target prot opt source destination
> DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
Call DOS if it's an ICMP type 8 packet
> FORWARD_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
Call FORWARD_TCP if it's a TCP packet
> FORWARD_UDP udp -- 0.0.0.0/0 0.0.0.0/0
Call FORWARD_UDP if it's a UDP packet
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN for any packet
>
> Chain SCAN (2 references)
User defined SCAN chain
> target prot opt source destination
> LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
Log the packet but not more than 10/sec
> DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP the packet
>
> Chain TREND_MICRO (1 references)
User defined TREND_MICRO chain. It doesn't really do anything
> target prot opt source destination
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain ip_filter (1 references)
User defined ip_filter chain. Doesn't do anything
> target prot opt source destination
>
OK, so that's what is going on in your iptables.
Without knowing what specific traffic (and the situation) I'm not sure
where to look at the LOG rules. Sorry I forget this.
All this being said, my LOG rules always include source and destination
ports for TCP and UDP traffic.
Can you post (or send me in private email) some of your log output to
look at?
Thanks,
Todd
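Todd notes above that LOG rules normally record source and destination ports for TCP and UDP. As an added example (not code from anyone in this thread), this Python sketch parses lines in the key=value format the netfilter LOG target writes to the kernel log and lists the destination ports each source touched. The sample lines, addresses, and the "SCAN: " / "DOS: " prefixes are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the format written by the netfilter LOG target.
# Addresses are documentation ranges; "SCAN: " and "DOS: " are assumed
# --log-prefix values, not taken from the router discussed in the thread.
SAMPLE_LOG = """\
Apr 28 10:24:21 router kernel: SCAN: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=4321 PROTO=TCP SPT=40112 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 28 10:24:21 router kernel: SCAN: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=4322 PROTO=TCP SPT=40112 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 28 10:24:22 router kernel: SCAN: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=4323 PROTO=TCP SPT=40112 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 28 10:24:22 router kernel: SCAN: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=4324 PROTO=TCP SPT=40112 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 28 10:25:03 router kernel: DOS: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=53124 DPT=53 LEN=40
Apr 28 10:25:09 router kernel: DOS: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.9 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Apr 28 10:25:10 router syslogd: restart
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_log_line(line):
    """Return the fields of one LOG-target line, or None for other syslog lines."""
    if "SRC=" not in line or "PROTO=" not in line:
        return None
    rec = {}
    for key, value in FIELD.findall(line):
        # LEN (UDP) and ID (ICMP) appear twice; keep the first, IP-header value.
        rec.setdefault(key, value)
    for key in ("SPT", "DPT"):
        # ICMP lines carry TYPE/CODE instead of ports.
        rec[key] = int(rec[key]) if rec.get(key, "").isdigit() else None
    # TCP flags are bare words after the PROTO field, not key=value pairs.
    rec["FLAGS"] = [w for w in line.split("PROTO=", 1)[1].split() if w in TCP_FLAGS]
    return rec


def ports_by_source(text):
    """Map source IP -> sorted list of distinct (protocol, destination port)."""
    seen = defaultdict(set)
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec and rec["DPT"] is not None:
            seen[rec["SRC"]].add((rec["PROTO"], rec["DPT"]))
    return {src: sorted(ports) for src, ports in seen.items()}


def multi_port_sources(text, min_ports=3):
    """Sources that touched at least min_ports distinct destination ports."""
    return sorted(s for s, p in ports_by_source(text).items() if len(p) >= min_ports)


if __name__ == "__main__":
    for src, ports in ports_by_source(SAMPLE_LOG).items():
        print(src, ", ".join(f"{proto}/{port}" for proto, port in ports))
    print("multi-port sources:", multi_port_sources(SAMPLE_LOG))
```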
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-28 5:31 ` Harry Putnam
2011-04-28 14:36 ` Todd Goodman
@ 2011-04-28 16:07 ` Mick
1 sibling, 0 replies; 48+ messages in thread
From: Mick @ 2011-04-28 16:07 UTC (permalink / raw
To: gentoo-user
On 28 April 2011 06:31, Harry Putnam <reader@newsguy.com> wrote:
> Mick <michaelkintzios@gmail.com> writes:
>> Once you access it via telnet, have a look for any log rules in IP Tables
>> (/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.
>
> Yeah I had a look at the lines containing LOG and of course had no
> idea of what they meant or how to alter them.
OK, let's see what you've got here. The first logging rule is this:
> Chain BLOCK (0 references)
> target prot opt source destination
> LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
> DROP all -- 0.0.0.0/0 0.0.0.0/0
In the chain called BLOCK you have rule No.1 with target LOG which is
used to ... log:
all protocols
no options
any source
any destination
all(?) flags
level 4 of verbosity
I assume that setting this to level 6 would show ports too.
> The entire iptables is inlined below... maybe you will know how to alter
> them so that ports show up in logs. That is, only if you are still
> patient enough to continue.... so far, no one has complained about the
> OT thread... but I fear I must be nearing the end of your patient
> willingness to continue, if not the list's willingness to allow my OT
> thread.
No worries! I'm no iptables guru, but I'm still here! ;-)
> There are only 4 instances of LOG in the tables. But I wonder if it might
> just be an increase in log level that is required.
Yes, level 6, or level 7 (debug) should give you more than the
verbosity required. Careful though you don't overdo it and flood your
logs. To guard against this options like --limit-burst or
--limit-rate will only capture some of the initial similar packets and
quietly drop the rest.
> I wanted to try that out, but was a bit chicken, thinking I'd destroy
> whatever setup there is that invokes the iptable rules.
Yes, that's wise. You don't want to be inadvertently opening holes in
your firewall ...
This is why you can back up the existing set of rules and then
reinstate it when you need to. In Gentoo we can see in our
/etc/conf.d/iptables:
==========================================
# /etc/conf.d/iptables
# Location in which iptables initscript will save set rules on
# service shutdown
IPTABLES_SAVE="/var/lib/iptables/rules-save"
# Options to pass to iptables-save and iptables-restore
SAVE_RESTORE_OPTIONS="-c"
# Save state on stopping iptables
SAVE_ON_STOP="yes"
==========================================
Unless you are running some special script at boot up, there's where
all your running rules will be saved:
# /etc/init.d/iptables --verbose save
* Saving iptables state ... [ ok ]
Then run any commands you want to alter your rule set and if you don't
like it restart/reload your iptables (without saving first) to restore
your previous configuration.
I would therefore recommend that you experiment on your desktop to
achieve the logging level you want and then run the same commands on
the router. I guess in the router you'll have to reboot it to reset
the rules, or you will need to find the Linksys equivalent command
that will save the running rule set (it may be different to
/etc/init.d/iptables save - most probably something like
/sbin/iptables-save with redirection to a file).
The command you want to run is /sbin/iptables --replace:
-R, --replace chain rulenum rule-specification
Replace a rule in the selected chain. If the source and/or
destination names resolve to multiple addresses, the command will
fail. Rules are numbered starting at 1.
So, to modify the above rule you would run something like:
/sbin/iptables --replace BLOCK 1 -m limit --limit 15/minute -j LOG \
--log-level 6 --log-prefix "Blocked packets"
This will only replace the above number 1 rule in the BLOCK chain.
> Chain DOS (6 references)
> target prot opt source destination
> RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
> RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: a
> LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
> DROP all -- 0.0.0.0/0 0.0.0.0/0
To replace the above number 5 rule in the DOS chain you need to follow
my example, but first you have to see more than the options shown
above - I think that your terminal only showed up to a "burst" option
and chopped the rest off?
> Chain SCAN (2 references)
> target prot opt source destination
> LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
> DROP all -- 0.0.0.0/0 0.0.0.0/0
Ditto here, you want to replace rule number 1, of the SCAN chain, but
you need to see the complete rule options in the original so that you
can also add them in your command, increasing the level to 6 of
course. Have a look in man iptables for details of the different
options.
As I said, try it all out in your desktop, see that you are happy with
the result and then run the 3 commands on your router. If it gives
you the results you want, then save them in the configuration - once
you find where these rules are saved of course. Perhaps clicking on
the save button of the GUI will achieve the same result after you have
made all these changes - give it a try and see if it works.
HTH.
--
Regards,
Mick
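An added example (not code from the thread): the --replace approach above needs the chain name and rule number of each LOG rule, and Todd's walkthrough shows that a chain only matters if something jumps to it. This Python sketch parses `iptables -L -n` output, numbers the LOG rules, and reports which built-in chains can reach each one. The embedded listing is abridged from the one Harry posted.

```python
import re

# Abridged from the listing posted in this thread: chains that contain a LOG
# rule are complete (so rule numbers match); other chains keep only rules
# that jump elsewhere. Option text is cut off as it was in the post.
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
INPUT_UDP udp -- 0.0.0.0/0 0.0.0.0/0
INPUT_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
Chain FORWARD (policy DROP)
target prot opt source destination
POLICY tcp -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02
Chain OUTPUT (policy ACCEPT)
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
Chain BLOCK (0 references)
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain DOS (6 references)
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: a
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_TCP (1 references)
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
Chain FORWARD_UDP (1 references)
DOS udp -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT_TCP (1 references)
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
Chain INPUT_UDP (1 references)
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS udp -- 0.0.0.0/0 0.0.0.0/0
Chain POLICY (3 references)
PORT_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
Chain PORT_FORWARD (1 references)
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
FORWARD_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
FORWARD_UDP udp -- 0.0.0.0/0 0.0.0.0/0
Chain SCAN (2 references)
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0
"""

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")
CHAIN_RE = re.compile(r"^Chain (\S+) \(")


def parse_listing(text):
    """Map chain name -> list of rule targets, in rule order."""
    chains, current = {}, None
    for line in text.splitlines():
        match = CHAIN_RE.match(line)
        if match:
            current = chains.setdefault(match.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            current.append(line.split()[0])  # first column is the target
    return chains


def reachable_from(chains, start):
    """Set of chains a packet entering `start` can be sent through."""
    seen, stack = set(), [start]
    while stack:
        name = stack.pop()
        if name in seen or name not in chains:
            continue  # already visited, or a built-in target such as TCPMSS
        seen.add(name)
        stack.extend(t for t in chains[name] if t in chains)
    return seen


def log_rules(chains):
    """List (chain, rule number, built-in chains that reach it) per LOG rule."""
    reach = {b: reachable_from(chains, b) for b in BUILTIN if b in chains}
    found = []
    for name, targets in chains.items():
        for num, target in enumerate(targets, start=1):
            if target == "LOG":
                roots = sorted(b for b, r in reach.items() if name in r)
                found.append((name, num, roots))
    return found


if __name__ == "__main__":
    for chain, num, roots in log_rules(parse_listing(LISTING)):
        where = ", ".join(roots) or "no built-in chain (unused)"
        print(f"{chain} rule {num}: reached from {where}")
```

On this listing it reports BLOCK rule 1 as reached from no built-in chain, DOS rule 5 from FORWARD and INPUT, and SCAN rule 1 from INPUT.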
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-28 14:36 ` Todd Goodman
@ 2011-04-30 4:28 ` Harry Putnam
2011-04-30 15:02 ` Todd Goodman
0 siblings, 1 reply; 48+ messages in thread
From: Harry Putnam @ 2011-04-30 4:28 UTC (permalink / raw
To: gentoo-user
Todd Goodman <tsg@bonedaddy.net> writes:
[...]
> You won't really break anything by changing the log levels.
Todd, your post was really a boost for me. And thanks for your kind
offer of looking things over.
[...]
Mick wrote:
> No worries! I'm no iptables guru, but I'm still here! ;-)
[...]
Mick, your post was another really info packed and helpful response.
This really sucks since I think right now is the proper time to pursue
this stuff full tilt.
However, life is intervening and I am leaving for Atlanta (from Gary
IN) tomorrow with an old beatup 1979 1 ton ford pulling a gooseneck
trailer. I have quite a lot to do suddenly to get things ready with
the old beater so it will be a good while before I can get back to
this.
I suspect I've about worn out the OT thread by now, so won't renew it,
but I hope I will not be wearing out my welcome if I call on either of
you by private email if I get in deep doo doo, when I do get back at
this.
I think both of your input on this is so full and thorough that I may
be able to get it figured out now without further pestering.
* Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-30 4:28 ` Harry Putnam
@ 2011-04-30 15:02 ` Todd Goodman
0 siblings, 0 replies; 48+ messages in thread
From: Todd Goodman @ 2011-04-30 15:02 UTC (permalink / raw
To: gentoo-user
* Harry Putnam <reader@newsguy.com> [110430 00:03]:
> Todd Goodman <tsg@bonedaddy.net> writes:
>
> [...]
>
> > You won't really break anything by changing the log levels.
>
> Todd, your post was really a boost for me. And thanks for your kind
> offer of looking things over.
>
> [...]
>
> Mick wrote:
> > No worries! I'm no iptables guru, but I'm still here! ;-)
>
> [...]
>
> Mick, your post was another really info packed and helpful response.
>
> This really sucks since I think right now is the proper time to pursue
> this stuff full tilt.
>
> However, life is intervening and I am leaving for Atlanta (from Gary
> IN) tomorrow with an old beatup 1979 1 ton ford pulling a gooseneck
> trailer. I have quite a lot to do suddenly to get things ready with
> the old beater so it will be a good while before I can get back to
> this.
>
> I suspect I've about worn out the OT thread by now, so won't renew it,
> but I hope I will not be wearing out my welcome if I call on either of
> you by private email if I get in deep doo doo, when I do get back at
> this.
>
> I think both of your input on this is so full and thorough that I may
> be able to get it figured out now without further pestering.
>
You're welcome and are welcome to contact me via private email.
Good luck on your trip!
Todd
* [gentoo-user] Re: [OT router advice] a router capable of detailed logs
2011-04-20 19:14 ` Harry Putnam
@ 2011-04-30 17:47 ` James
0 siblings, 0 replies; 48+ messages in thread
From: James @ 2011-04-30 17:47 UTC (permalink / raw
To: gentoo-user
Harry Putnam <reader <at> newsguy.com> writes:
> All good, except then you have to muck around with iptables. I once
> knew a bit about that when it first replaced ipchains in linux
> distros... that's been yrs ago, and I've completely forgotten whatever
> I may have learned back then.
Hello Harry,
These links may provide the theoretical information
you seek, for logging on an embedded linux device.
http://www.netfilter.org/projects/conntrack-tools/index.html
http://conntrack-tools.netfilter.org/
However, this is not a painless path, but one full
of reward and fine_grain control of logging information.
hth,
James