Date: Fri, 22 Feb 2002 02:47:52 -0800
From: "Crist J. Clark"
To: Simon J Mudd
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw and getting the interface logged
Message-ID: <20020222024752.K48401@blossom.cjclark.org>

On Thu, Feb 21, 2002 at 06:50:13PM +0100, Simon J Mudd wrote:
> Hello Crist,
>
> On Thu, 21 Feb 2002, Crist J. Clark wrote:
>
> > On Thu, Feb 21, 2002 at 05:18:59PM +0100, Simon J Mudd wrote:
> > > I'm running 4.5-STABLE with ipfw and having trouble with my firewall
> > > rules. However they are probably my own doing.
> > >
> > > Via syslog I see messages of the type:
> > >
> > > Feb 21 16:13:56 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2187
> > > Feb 21 16:13:57 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2188
> >
> > Which are from net.inet.tcp.log_in_vain being set, not from ipfw(8).
> >
> > > Which I think my rules should allow:
> > >
> > > ${fwcmd} add pass all from ${inet} to ${inet} via ${iif}
> >
> > And they are letting it through if they are being logged in vain.
>
> ipfw doesn't talk about this sysctl. Could you point me to something which
> explains it better?

Because it has nothing to do with ipfw(8). See tcp(4),

     tcp.log_in_vain  Log any connection attempts to ports where there is
                      not a socket accepting connections.

> > > where
> > >
> > > # set these to your inside interface network and netmask and ip
> > > iif="ed0"
> > > inet="44.133.228.0/26"
> > > iip="44.133.228.2"
> > >
> > > How can I get syslog to log more information such as at least the
> > > interface over which the traffic is arriving?
> >
> > If ipfw(8) was logging the packets, the interface information would be
> > there.
>
> Ok, so for whatever reason my packets aren't being logged because my rules
> don't match correctly. I guess there's no way to get more information
> out from the log_in_vain sysctl as it might help me diagnose my problem?

I think it is telling you all you need to know. The packets are being
received by the system, but nobody (no daemon) is listening for
them. The firewall is passing the packets.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
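
The distinction drawn in the reply above, as an added example that is not part of the original message: a small triage script that tells net.inet.tcp.log_in_vain lines apart from ipfw(8) log lines and lists ports that were passed by the firewall but had no listener. The ipfw line layout (rule number, action, protocol, source, destination, direction, "via" interface) is an assumption about ipfw's log output, and the third sample line, including rule number 400, is constructed.

```python
import re

# Format of the net.inet.tcp.log_in_vain message, as quoted in the thread.
IN_VAIN = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)")

# Assumed shape of a message from an ipfw(8) rule with "log"; unlike
# log_in_vain it carries rule number, action, direction and interface.
IPFW = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)")

def classify(line):
    """Return a dict naming the kernel facility that produced the line."""
    m = IPFW.search(line)
    if m:
        return {"source": "ipfw", **m.groupdict()}
    m = IN_VAIN.search(line)
    if m:
        # The packet reached the transport layer, so the firewall passed
        # it; nothing was listening on the destination port. The message
        # has no interface field, hence iface is None.
        return {"source": "log_in_vain", "iface": None, **m.groupdict()}
    return {"source": "other"}

def unserved_ports(lines):
    """Count log_in_vain hits per (proto, dst, dport)."""
    counts = {}
    for line in lines:
        rec = classify(line)
        if rec["source"] == "log_in_vain":
            key = (rec["proto"], rec["dst"], int(rec["dport"]))
            counts[key] = counts.get(key, 0) + 1
    return counts

# First two lines are quoted from the thread; the ipfw line is constructed.
SAMPLE = [
    "Feb 21 16:13:56 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2187",
    "Feb 21 16:13:57 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2188",
    "Feb 21 16:14:02 unicorn /kernel: ipfw: 400 Deny TCP 44.133.228.5:2189 44.133.228.2:6000 in via ed0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    print(unserved_ports(SAMPLE))
```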