From: Harry Putnam
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
Date: Thu, 28 Apr 2011 00:31:18 -0500
Organization: Still searching...
Message-ID: <87zknbaqmx.fsf@newsguy.com>
References: <878vv69asl.fsf@newsguy.com> <201104251945.16273.michaelkintzios@gmail.com> <87liywd4xx.fsf@newsguy.com> <201104270723.44105.michaelkintzios@gmail.com>

Mick writes:

>> Jumping up the thread a bit now, after Paul's excellent input. I see
>> that iptables cmd is known on the OS, but man I really had not wanted
>> to pound my way thru iptables to the point of competency.
>
> Count yourself lucky. I'd rather have to deal with Linux IP Tables than IOS
> any time!

Hehe

> Once you access it via telnet, have a look for any log rules in IP Tables
> (/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.

Yeah, I had a look at the lines containing LOG and of course had no idea
what they meant or how to alter them. The entire iptables is inlined
below... maybe you will know how to alter them so that ports show up in
logs. That is, only if you are still patient enough to continue.... so
far, no one has complained about the OT thread... but I fear I must be
nearing the end of your patient willingness to continue, if not the
list's willingness to allow my OT thread.

------- --------- ---=--- --------- --------

There are only 4 instances of LOG in the tables. But I wonder if it might
just be an increase in log level that is required. I wanted to try that
out, but was a bit chicken, thinking I'd destroy whatever setup there is
that invokes the iptables rules.
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:23
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:4500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp flags:
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABL
INPUT_UDP  udp  --  0.0.0.0/0            0.0.0.0/0
INPUT_TCP  tcp  --  0.0.0.0/0            0.0.0.0/0
DOS        icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination
ip_filter  all  --  0.0.0.0/0            0.0.0.0/0
POLICY     icmp --  0.0.0.0/0            0.0.0.0/0
POLICY     udp  --  0.0.0.0/0            0.0.0.0/0
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02
POLICY     tcp  --  0.0.0.0/0            0.0.0.0/0
TREND_MICRO tcp --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 http me
DMZ_PASS   all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABL
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
DROP       icmp --  0.0.0.0/0            0.0.0.0/0            state INVALID

Chain BLOCK (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain DMZ_PASS (1 references)
target     prot opt source               destination

Chain DOS (6 references)
target     prot opt source               destination
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            limit: avg 200/sec b
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABL
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            limit: avg 200/sec b
RETURN     icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8 limit: a
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec bu
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_TCP (1 references)
target     prot opt source               destination
DOS        tcp  --  0.0.0.0/0            0.0.0.0/0            state INVALID,NEW tc
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_UDP (1 references)
target     prot opt source               destination
DOS        udp  --  0.0.0.0/0            0.0.0.0/0
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0

Chain HTTP (0 references)
target     prot opt source               destination

Chain INPUT_TCP (1 references)
target     prot opt source               destination
SCAN       all  --  0.0.0.0/0            0.0.0.0/0            psd weight-threshold
DOS        tcp  --  0.0.0.0/0            0.0.0.0/0            state INVALID,NEW tc
ACCEPT     tcp  --  0.0.0.0/0            192.168.0.20         tcp dpt:30443
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 23,
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0

Chain INPUT_UDP (1 references)
target     prot opt source               destination
SCAN       all  --  0.0.0.0/0            0.0.0.0/0            psd weight-threshold
DOS        udp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  68.87.72.13          0.0.0.0/0            udp spt:67 dpt:68
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0

Chain POLICY (3 references)
target     prot opt source               destination
PORT_FORWARD all -- 0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain PORT_FORWARD (1 references)
target     prot opt source               destination
DOS        icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8
FORWARD_TCP tcp --  0.0.0.0/0            0.0.0.0/0
FORWARD_UDP udp --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain SCAN (2 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec bu
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain TREND_MICRO (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ip_filter (1 references)
target     prot opt source               destination
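As an added example (not code from the message or from anyone in the thread): a small Python script that reads an `iptables -L -n` listing like the one above, reports each LOG rule with its syslog level, log prefix and whether a `limit` match throttles it, and then parses the kernel lines the LOG target writes to pull out SPT/DPT. Both inputs are constructed samples in the real formats (a shorter listing reusing the chain names above, and a few made-up log lines); the addresses, the "SCAN: " prefix and the timestamps are assumptions. The check it demonstrates is the one worth knowing before touching the rules: the LOG target records SPT= and DPT= for TCP and UDP at every log level, so `--log-level` only decides where syslog delivers the line, not whether the ports are in it.

```python
"""Find LOG rules in `iptables -L -n` output and pull ports out of the
kernel lines the LOG target emits.  Added example; both inputs below are
constructed samples, not the listing or logs from the message."""
import re
from dataclasses import dataclass

# Constructed listing in `iptables -L -n` layout:
# target prot opt source destination [match and target options]
IPTABLES_DUMP = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:23
INPUT_TCP  tcp  --  0.0.0.0/0            0.0.0.0/0
DOS        icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8

Chain BLOCK (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain DOS (6 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5 LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain SCAN (2 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "SCAN: "
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""

# Constructed kernel lines in netfilter LOG format: one carries the
# "SCAN: " prefix from the rule above, the other two have no prefix.
KERNEL_LOG = """\
Apr 28 00:31:18 router kernel: SCAN: IN=ppp0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 28 00:31:19 router kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=UDP SPT=53 DPT=33434 LEN=20
Apr 28 00:31:20 router kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=777 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
"""


@dataclass
class Rule:
    chain: str
    target: str
    proto: str
    source: str
    dest: str
    extras: str  # everything after the destination column


def parse_iptables_list(text):
    """Parse `iptables -L -n` output into Rule objects, chain by chain."""
    rules, chain = [], None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
        elif line.strip() and not line.startswith("target"):
            parts = line.split(None, 5)
            target, proto, _opt, src, dst = parts[:5]
            extras = parts[5] if len(parts) > 5 else ""
            rules.append(Rule(chain, target, proto, src, dst, extras))
    return rules


LEVEL_RE = re.compile(r"\blevel (\d+)")
PREFIX_RE = re.compile(r'prefix "([^"]*)"')


def describe_log_rules(rules):
    """Chain, syslog level, prefix and rate limiting of every LOG rule.
    The level does not change what is logged: SPT=/DPT= are always
    written for TCP and UDP, the level only steers syslog routing."""
    found = []
    for r in rules:
        if r.target != "LOG":
            continue
        level = LEVEL_RE.search(r.extras)
        prefix = PREFIX_RE.search(r.extras)
        found.append({
            "chain": r.chain,
            "level": int(level.group(1)) if level else None,
            "prefix": prefix.group(1) if prefix else "",
            "rate_limited": "limit:" in r.extras,
        })
    return found


KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
LINE_PREFIX_RE = re.compile(r"kernel: (.*?)IN=")


def parse_log_line(line):
    """Fields of one LOG line as a dict (ports as ints, rule prefix under
    "PREFIX"), or None if the line is not a netfilter LOG entry.
    ICMP entries carry TYPE/CODE and no SPT/DPT."""
    if "SRC=" not in line or "PROTO=" not in line:
        return None
    fields = {}
    for key, value in KV_RE.findall(line):
        fields.setdefault(key, value)  # first wins: IP-header ID/LEN, not inner ones
    for key in ("SPT", "DPT"):
        if key in fields:
            fields[key] = int(fields[key])
    m = LINE_PREFIX_RE.search(line)
    fields["PREFIX"] = m.group(1).strip() if m else ""
    return fields


def port_summary(log_text):
    """Group logged TCP/UDP destination ports by (source address, protocol)."""
    seen = {}
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f and "DPT" in f:
            seen.setdefault((f["SRC"], f["PROTO"]), set()).add(f["DPT"])
    return {key: sorted(ports) for key, ports in seen.items()}


if __name__ == "__main__":
    for entry in describe_log_rules(parse_iptables_list(IPTABLES_DUMP)):
        print("LOG rule:", entry)
    for (src, proto), ports in port_summary(KERNEL_LOG).items():
        print("%s %s -> destination ports %s" % (src, proto, ports))
```

One practical point the parser makes visible: the `-L -n` listing in the message is cut off at the right margin ("limit: avg 10/sec bu"), so the LOG rules' full options are not actually shown. Where the router's firmware ships it, `iptables-save` prints every rule whole, including any `--log-prefix` and `--log-level`, and is the better output to paste when asking what a LOG rule does. The `port_summary` step shows what the kernel already gives you once the lines reach a syslog destination: source, protocol and destination port per entry.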