[Gllug] ipchains and logging

Andy McGarty andy at mcGarty.net
Tue Aug 14 18:57:51 UTC 2001


----- Original Message -----
From: <sean at uncertainty.org.uk>
To: <gllug at linux.co.uk>
Sent: Tuesday, August 14, 2001 7:16 PM
Subject: [Gllug] ipchains and logging


> Hi,
>   I'm experimenting eith my firewall and I'd like to log some extra
info...
>
> I want to allow Demon to initiate smtp connection  .. so
>
> ipchains -A input -i $extint -s 194.217.242.0/8 smtp -p TCP -l -j ACCEPT

I think the mask should be 194.217.242.0/24 ?  Also, I always put the -p TCP
earlier in the string, but I guess it makes no difference.

Could it be that other rules are allowing it through earlier in the chain?
Have you tried ipchains -L and walking through them manually?

Also, look at tcpdump on the interface and see what ports it says its using?

>
> syslog.conf
> *.info;mail.none;authpriv.none;cron.none                /var/log/messages
>
>
> demon help says
> -=-
> Those customers who use firewalls or otherwise place restrictions on
external connections to their machines (this applies mainly to Unix
software) should allow connections from hosts with IP addresses in the
range:
>
> 194.217.242.0 to 194.217.242.255
>
>
>
> on the default SMTP port (25).
> -=-
>
> well I seem to be getting my mail :-)
>
> but it's not being logged (as far as I can see)
>
> meantime I am getting log entries for rejected connection attempts to port
80 (code red?)
>
> any ideas?
>
> --
>
> Sean
>
>
>
>
>
>
> --
> Gllug mailing list  -  Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list