Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Feb 2002 12:30:22 -0500
From:      "Joe & Fhe Barbish" <barbish@a1poweruser.com>
To:        "Simon J Mudd" <sjmudd@pobox.com>
Cc:        "FBSDQ" <questions@FreeBSD.ORG>
Subject:   RE: ipfw and getting the interface logged
Message-ID:  <LPBBIGIAAKKEOEJOLEGOCEFICIAA.barbish@a1poweruser.com>
In-Reply-To: <Pine.LNX.4.44.0202211714050.30303-100000@phoenix.ea4els.ampr.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
This messages are being issued by the log_in_vain="YES"
option in rc.conf. These are connection attempts by somebody
who is trying to break into your system and got stopped before
your IPFW firewall even knows about it.
This is a good thing. Do not change anything.
You can do a whois ip  command to see where those ip address
range is registered to.

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Simon J Mudd
Sent: Thursday, February 21, 2002 11:19 AM
To: freebsd-questions@freebsd.org
Subject: ipfw and getting the interface logged

Hello,

I'm running 4.5-STABLE with ipfw and having trouble with my firewall
rules.  However they are probably my own doing.

Via syslog I see messages of the type:

Feb 21 16:13:56 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000
from 44.133.228.5:2187
Feb 21 16:13:57 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000
from 44.133.228.5:2188

Which I think my rules should allow:

${fwcmd} add pass all from ${inet} to ${inet} via ${iif}

where

# set these to your inside interface network and netmask and ip
iif="ed0"
inet="44.133.228.0/26"
iip="44.133.228.2"

How can I get syslog to log more information such as at least the
interface over which the traffic is arriving?

Thanks and regards,

Simon
--
Simon J Mudd,   Tel: +34-91-408 4878,  Mobile: +34-605-085 219
Madrid, Spain.  email: sjmudd@pobox.com,  Postfix RPM Packager


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LPBBIGIAAKKEOEJOLEGOCEFICIAA.barbish>