Date: Thu, 21 Feb 2002 12:30:22 -0500 From: "Joe & Fhe Barbish" <barbish@a1poweruser.com> To: "Simon J Mudd" <sjmudd@pobox.com> Cc: "FBSDQ" <questions@FreeBSD.ORG> Subject: RE: ipfw and getting the interface logged Message-ID: <LPBBIGIAAKKEOEJOLEGOCEFICIAA.barbish@a1poweruser.com> In-Reply-To: <Pine.LNX.4.44.0202211714050.30303-100000@phoenix.ea4els.ampr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This messages are being issued by the log_in_vain="YES" option in rc.conf. These are connection attempts by somebody who is trying to break into your system and got stopped before your IPFW firewall even knows about it. This is a good thing. Do not change anything. You can do a whois ip command to see where those ip address range is registered to. -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Simon J Mudd Sent: Thursday, February 21, 2002 11:19 AM To: freebsd-questions@freebsd.org Subject: ipfw and getting the interface logged Hello, I'm running 4.5-STABLE with ipfw and having trouble with my firewall rules. However they are probably my own doing. Via syslog I see messages of the type: Feb 21 16:13:56 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2187 Feb 21 16:13:57 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2188 Which I think my rules should allow: ${fwcmd} add pass all from ${inet} to ${inet} via ${iif} where # set these to your inside interface network and netmask and ip iif="ed0" inet="44.133.228.0/26" iip="44.133.228.2" How can I get syslog to log more information such as at least the interface over which the traffic is arriving? Thanks and regards, Simon -- Simon J Mudd, Tel: +34-91-408 4878, Mobile: +34-605-085 219 Madrid, Spain. email: sjmudd@pobox.com, Postfix RPM Packager To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LPBBIGIAAKKEOEJOLEGOCEFICIAA.barbish>