Date: Mon, 26 Oct 1998 14:44:58 +1000
From: Stanley.Hopcroft@ipaustralia.gov.au
To: isp@FreeBSD.ORG
Subject: Using IPFW and DIVERT/TEE sockets to capture data (for intensive firewall logging)
Message-ID: <4A2566A9.001A19A2.00@noteshub01.aipo.gov.au>

Dear Ladies and Gentlemen,

I am writing to ask your help using 2.2.7-RELEASE ipfw with tee/divert sockets to provide intensive logging (i.e. capturing the packet or the packet's data) in a firewall context.

My kernel is built with options FIREWALL and options DIVERT; my ipfw rules appear to load correctly, e.g.

    ipfw add tee 1000 from any 1023- to <server> <server_port>
    ipfw add tee 1000 from <server> <server_port> to any 1023-

There is a small perl UDP or TCP server listening on port 1000 (visible with netstat -a) that copies the packet to stdout.

Unfortunately, whether or not the server is listening on port 1000 (having bound the socket to localhost port 1000), when the ipfw rule with tee is active, the rule seemingly doesn't

  . log data (via the server)
  . allow packets through to the normal destination (address <server> port <server_port>)

A client trying to connect to the subject of the rule returns

  - connection refused
  - permission denied.

Thanks for any comments you may have.

Yours sincerely.
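
An added example, not part of the original message: per divert(4), a divert socket is a raw socket of protocol IPPROTO_DIVERT and each read returns a whole IP packet starting at the IP header, so a logger has to parse that header itself. The sketch below does this for the divert port 1000 used in the rules above; the value 254 for IPPROTO_DIVERT, the function names, and the sample addresses are assumptions made for illustration.

```python
import socket
import struct

# Assumption: FreeBSD's <netinet/in.h> value, used if Python does not export the constant.
IPPROTO_DIVERT = getattr(socket, "IPPROTO_DIVERT", 254)

def summarize(packet: bytes) -> str:
    """Return a one-line log entry for a raw IPv4 packet as read from a divert socket."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed: not an IPv4 packet"
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed: bad IPv4 header length"
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    l4 = packet[ihl:]                     # transport header plus payload
    if proto == socket.IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        flags = "".join(n for bit, n in
                        zip((0x02, 0x10, 0x01, 0x04, 0x08), "SAFRP") if l4[13] & bit)
        payload = max(len(l4) - (l4[12] >> 4) * 4, 0)   # bytes after the TCP header
        return f"tcp {src}:{sport} -> {dst}:{dport} flags={flags or '-'} payload={payload}"
    if proto == socket.IPPROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        return f"udp {src}:{sport} -> {dst}:{dport} payload={len(l4) - 8}"
    return f"proto={proto} {src} -> {dst} len={len(packet)}"

def sample_syn() -> bytes:
    """Constructed sample: TCP SYN 192.0.2.10:1025 -> 192.0.2.1:23, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1"))
    tcp = struct.pack("!HHIIBBHHH", 1025, 23, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp

def main(port: int = 1000) -> None:
    # Needs root on a FreeBSD kernel with divert support; binds the divert port
    # named in the ipfw rule and logs every packet copy delivered to it.
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, IPPROTO_DIVERT)
    s.bind(("0.0.0.0", port))
    while True:
        packet, _ = s.recvfrom(65535)
        print(summarize(packet), flush=True)

if __name__ == "__main__":
    main()
```
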