Appendix C – System Log
178
iptables -I INPUT -j LOG -p tcp --syn -s
<X.X.X.X/XX>
-d
<Y.Y.Y.Y/YY>
--dport
<Z>
--log-prefix
<prefix>
This will log any TCP (
-p tcp
) session initiations (
--syn
) that arrive from the IP
address/netmask
X.X.X.X/XX
(
-s ...
) and are going to
Y.Y.Y.Y/YY
, destination port Z (
--
dport
).
For example, to log all inbound access requests from anywhere on the Internet
(0.0.0.0/0) to the PPTP service (port 1723) on the SnapGear appliance (IP address
1.2.3.4):
iptables -I INPUT -j LOG -p tcp --syn -s 0.0.0.0/0 -d 1.2.3.4
--dport 1723 --log-prefix "Internet PPTP access: "
To find the resultant log entry in the logs, simply search for the prefix, in this instance
"Internet PPTP access: "
.
If for example site 192.0.1.2 attempted to access the SnapGear appliance’s PPTP port,
the resultant log message would look something like this:
<12> Jan 24 17:19:17 2000 klogd: Internet PPTP access: IN=eth0
OUT= MAC=00:d0:cf:00:07:03:00:50:bf:20:66:4d:08:00 SRC=
DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43470 DF
PROTO=TCP SPT=4508 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
Note how
OUT
is set to nothing. This indicates that the packet was attempting to reach a
service on the SnapGear appliance, rather than attempting to pass through it.
A very similar scenario occurs for logging access requests that are attempting to pass
through the SnapGear appliance. It merely requires replacing the
INPUT
keyword with
FORWARD
.
Thus, to log permitted inbound requests to services hosted on a server behind the
SnapGear appliance, or outbound requests to services on a public network server, use:
iptables -I FORWARD -j LOG -p tcp --syn -s
<X.X.X.X/XX>
-d
<Y.Y.Y.Y/YY>
--dport
<Z>
--log-prefix
<prefix>
For example, to log all inbound requests from the IP address 5.6.7.8 to the mail server
(port 25) on the machine
flubber
on the LAN with address 192.168.1.1:
Содержание SnapGear
Страница 56: ...Dialin Setup 52 The following figure shows the user maintenance screen Figure 4 3...
Страница 178: ...174...
