Date: Fri, 01 Oct 2004 08:57:27 -0500 From: Norm Vilmer <norm@etherealconsulting.com> To: Subhro <subhro.kar@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw console messages Message-ID: <415D6247.5080507@etherealconsulting.com> In-Reply-To: <b2807d0404093020533f9d6342@mail.gmail.com> References: <415C2FA7.6010408@etherealconsulting.com> <415C3DD4.3020202@etherealconsulting.com> <b2807d0404093020533f9d6342@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Subhro wrote: > Could we have a look at the syslof configuration file? > > Regards > S. > > > On Thu, 30 Sep 2004 12:09:40 -0500, Norm Vilmer > <norm@etherealconsulting.com> wrote: > >> >>Norm Vilmer wrote: >> >> >>>I have been running a IPFW firewall on FreeBSD 4.10 for a few weeks >>>now. For some reason a few connection attempts are showing up on the >>>console rather than going to the log file. I can't seem to figure out >>>why. Any ideas? >>> >>>I have tried adding the 'log' key word to every deny statement in my >>>IPFW firewall config file. For the most part all denied packets are >>>logged to /var/log/ipfw.log. But about 3-12 per night are not. These >>>also show up in the security run output email as kernel log messages. >>> >>> >>> >>> >>>_______________________________________________ >>>freebsd-questions@freebsd.org mailing list >>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>To unsubscribe, send any mail to >>>"freebsd-questions-unsubscribe@freebsd.org" >>> >> >>More info: my kernel is compiled with these option: >> >>option TCP_DROP_SYNFIN >>option ICMP_BANDLIM >>option IPFIREWALL >>option IPFIREWALL_VERBOSE >>option IPDIVERT >>option RANDOM_IP_ID >> >> >> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >> > > > > I dont think it is a login problem. I made only one change to the syslog.conf file, I added !ipfw *.* /var/log/ipfw.log Ok, I did an experiment. I added ${cmd} add 10 pass TCP from any to ${oif} where oif is my outside/public ip. Then I attempted an FTP connection to my public ip from another machine. This popped up on the console. Connection attempt to TCP <my public ip>:21 from <my other machine>:3079 flags:0x02 Now I get it <light bulb glowing above my head>, the message on the console are connection attempts that get through the firewall but no service is running on the port. need to look at my rules
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?415D6247.5080507>