Gentoo Archives: gentoo-user

From: Harry Putnam <reader@×××××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
Date: Thu, 28 Apr 2011 05:33:40
Message-Id: 87zknbaqmx.fsf@newsguy.com
In Reply to: Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs by Mick
Mick <michaelkintzios@×××××.com> writes:

>> Jumping up the thread a bit now, after Paul's excellent input. I see
>> that iptables cmd is known on the OS, but man I really had not wanted
>> to pound my way through iptables to the point of competency.
>
> Count yourself lucky. I'd rather have to deal with Linux IP Tables than IOS
> any time!

Hehe

> Once you access it via telnet, have a look for any log rules in IP Tables
> (/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.

Yeah I had a look at the lines containing LOG and of course had no
idea of what they meant or how to alter them.

The entire iptables output is inlined below... maybe you will know how to alter
them so that ports show up in logs. That is, only if you are still
patient enough to continue.... so far, no one has complained about the
OT thread... but I fear I must be nearing the end of your patient
willingness to continue, if not the list's willingness to allow my OT
thread.

------- --------- ---=--- --------- --------
There are only 4 instances of LOG in the tables. But I wonder if it might
just be an increase in log level that is required.

I wanted to try that out, but was a bit chicken, thinking I'd destroy
whatever setup there is that invokes the iptables rules.
Chain INPUT (policy DROP)
target        prot  opt  source           destination
ACCEPT        tcp   --   0.0.0.0/0        0.0.0.0/0        tcp dpt:23
ACCEPT        esp   --   0.0.0.0/0        0.0.0.0/0
ACCEPT        udp   --   0.0.0.0/0        0.0.0.0/0        udp dpt:4500
ACCEPT        udp   --   0.0.0.0/0        0.0.0.0/0        udp dpt:500
DROP          tcp   --   0.0.0.0/0        0.0.0.0/0        state NEW tcp flags:
ACCEPT        all   --   0.0.0.0/0        0.0.0.0/0        state RELATED,ESTABL
INPUT_UDP     udp   --   0.0.0.0/0        0.0.0.0/0
INPUT_TCP     tcp   --   0.0.0.0/0        0.0.0.0/0
DOS           icmp  --   0.0.0.0/0        0.0.0.0/0        icmp type 8
ACCEPT        all   --   0.0.0.0/0        0.0.0.0/0        state NEW

Chain FORWARD (policy DROP)
target        prot  opt  source           destination
ip_filter     all   --   0.0.0.0/0        0.0.0.0/0
POLICY        icmp  --   0.0.0.0/0        0.0.0.0/0
POLICY        udp   --   0.0.0.0/0        0.0.0.0/0
TCPMSS        tcp   --   0.0.0.0/0        0.0.0.0/0        tcp flags:0x06/0x02
POLICY        tcp   --   0.0.0.0/0        0.0.0.0/0
TREND_MICRO   tcp   --   0.0.0.0/0        0.0.0.0/0        tcp dpt:80 http me
DMZ_PASS      all   --   0.0.0.0/0        0.0.0.0/0
ACCEPT        all   --   0.0.0.0/0        0.0.0.0/0        state RELATED,ESTABL
ACCEPT        all   --   0.0.0.0/0        0.0.0.0/0        state NEW
ACCEPT        all   --   0.0.0.0/0        0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target        prot  opt  source           destination
ACCEPT        icmp  --   0.0.0.0/0        0.0.0.0/0
DROP          icmp  --   0.0.0.0/0        0.0.0.0/0        state INVALID

Chain BLOCK (0 references)
target        prot  opt  source           destination
LOG           all   --   0.0.0.0/0        0.0.0.0/0        LOG flags 0 level 4
DROP          all   --   0.0.0.0/0        0.0.0.0/0

Chain DMZ_PASS (1 references)
target        prot  opt  source           destination

Chain DOS (6 references)
target        prot  opt  source           destination
RETURN        tcp   --   0.0.0.0/0        0.0.0.0/0        limit: avg 200/sec b
RETURN        udp   --   0.0.0.0/0        0.0.0.0/0        state RELATED,ESTABL
RETURN        udp   --   0.0.0.0/0        0.0.0.0/0        limit: avg 200/sec b
RETURN        icmp  --   0.0.0.0/0        0.0.0.0/0        icmp type 8 limit: a
LOG           all   --   0.0.0.0/0        0.0.0.0/0        limit: avg 10/sec bu
DROP          all   --   0.0.0.0/0        0.0.0.0/0

Chain FORWARD_TCP (1 references)
target        prot  opt  source           destination
DOS           tcp   --   0.0.0.0/0        0.0.0.0/0        state INVALID,NEW tc
RETURN        tcp   --   0.0.0.0/0        0.0.0.0/0

Chain FORWARD_UDP (1 references)
target        prot  opt  source           destination
DOS           udp   --   0.0.0.0/0        0.0.0.0/0
RETURN        udp   --   0.0.0.0/0        0.0.0.0/0

Chain HTTP (0 references)
target        prot  opt  source           destination

Chain INPUT_TCP (1 references)
target        prot  opt  source           destination
SCAN          all   --   0.0.0.0/0        0.0.0.0/0        psd weight-threshold
DOS           tcp   --   0.0.0.0/0        0.0.0.0/0        state INVALID,NEW tc
ACCEPT        tcp   --   0.0.0.0/0        192.168.0.20     tcp dpt:30443
DROP          tcp   --   0.0.0.0/0        0.0.0.0/0        multiport dports 23,
RETURN        tcp   --   0.0.0.0/0        0.0.0.0/0

Chain INPUT_UDP (1 references)
target        prot  opt  source           destination
SCAN          all   --   0.0.0.0/0        0.0.0.0/0        psd weight-threshold
DOS           udp   --   0.0.0.0/0        0.0.0.0/0
ACCEPT        udp   --   68.87.72.13      0.0.0.0/0        udp spt:67 dpt:68
RETURN        udp   --   0.0.0.0/0        0.0.0.0/0

Chain POLICY (3 references)
target        prot  opt  source           destination
PORT_FORWARD  all   --   0.0.0.0/0        0.0.0.0/0
RETURN        all   --   0.0.0.0/0        0.0.0.0/0

Chain PORT_FORWARD (1 references)
target        prot  opt  source           destination
DOS           icmp  --   0.0.0.0/0        0.0.0.0/0        icmp type 8
FORWARD_TCP   tcp   --   0.0.0.0/0        0.0.0.0/0
FORWARD_UDP   udp   --   0.0.0.0/0        0.0.0.0/0
RETURN        all   --   0.0.0.0/0        0.0.0.0/0

Chain SCAN (2 references)
target        prot  opt  source           destination
LOG           all   --   0.0.0.0/0        0.0.0.0/0        limit: avg 10/sec bu
DROP          all   --   0.0.0.0/0        0.0.0.0/0

Chain TREND_MICRO (1 references)
target        prot  opt  source           destination
RETURN        all   --   0.0.0.0/0        0.0.0.0/0

Chain ip_filter (1 references)
target        prot  opt  source           destination
