Date: Fri, 22 Feb 2002 02:47:52 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Simon J Mudd <sjmudd@pobox.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw and getting the interface logged
Message-ID: <20020222024752.K48401@blossom.cjclark.org>
In-Reply-To: <Pine.LNX.4.44.0202211843150.850-100000@phoenix.ea4els.ampr.org>; from sjmudd@pobox.com on Thu, Feb 21, 2002 at 06:50:13PM +0100
References: <20020221084955.C48401@blossom.cjclark.org> <Pine.LNX.4.44.0202211843150.850-100000@phoenix.ea4els.ampr.org>
On Thu, Feb 21, 2002 at 06:50:13PM +0100, Simon J Mudd wrote:
> Hello Crist,
>
> On Thu, 21 Feb 2002, Crist J. Clark wrote:
>
> > On Thu, Feb 21, 2002 at 05:18:59PM +0100, Simon J Mudd wrote:
> > > I'm running 4.5-STABLE with ipfw and having trouble with my firewall
> > > rules. However they are probably my own doing.
> > >
> > > Via syslog I see messages of the type:
> > >
> > > Feb 21 16:13:56 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2187
> > > Feb 21 16:13:57 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2188
> >
> > Which are from net.inet.tcp.log_in_vain being set, not from ipfw(8).
> >
> > > Which I think my rules should allow:
> > >
> > > ${fwcmd} add pass all from ${inet} to ${inet} via ${iif}
> >
> > And they are letting it through if they are being logged in vain.
>
> ipfw doesn't talk about this sysctl. Could you point me to something which
> explains it better?

Because it has nothing to do with ipfw(8). See tcp(4),

     tcp.log_in_vain    Log any connection attempts to ports where there is
                        not a socket accepting connections.

> > > where
> > >
> > > # set these to your inside interface network and netmask and ip
> > > iif="ed0"
> > > inet="44.133.228.0/26"
> > > iip="44.133.228.2"
> > >
> > > How can I get syslog to log more information such as at least the
> > > interface over which the traffic is arriving?
> >
> > If ipfw(8) was logging the packets, the interface information would be
> > there.
>
> Ok, so for whatever reason my packets aren't being logged because my rules
> don't match correctly. I guess there's no way to get more information
> out from the log_in_vain sysctl as it might help me diagnose my problem?

I think it is telling you all you need to know. The packets are being
received by the system, but nobody (no daemon) is listening for them. The
firewall is passing the packets.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
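The point of the reply is that the two kinds of kernel log lines tell you different things: a "Connection attempt to ..." line comes from the TCP stack (net.inet.tcp.log_in_vain) and means the firewall already passed the packet but nothing was listening, while an ipfw(8) "log" line is the one that records the rule number, direction and interface. The following Python script is an added example, not part of this thread or of FreeBSD; it classifies /kernel syslog lines into those two kinds and pulls out the fields an admin would use to tell "my rules are blocking this" apart from "no daemon is listening". The log_in_vain lines are the two quoted above; the ipfw lines and the ipfw message layout (`ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in|out via <iface>`) are assumed here and constructed for the sample, since the thread does not show any.

```python
import re

# Syslog prefix as it appears in the thread: "Feb 21 16:13:56 unicorn /kernel: ..."
SYSLOG_PREFIX_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ /kernel: (?P<msg>.*)$"
)

# Message written by the TCP stack when net.inet.tcp.log_in_vain is set:
# the packet got past the firewall but no socket was listening on dst port.
# Note there is no interface field; the stack does not record one here.
LOG_IN_VAIN_RE = re.compile(
    r"^Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)$"
)

# Message written by an ipfw(8) rule carrying the "log" keyword. Format assumed
# (it is not shown in the thread):
#   ipfw: <rule> <Accept|Deny|...> <proto> <src>:<sport> <dst>:<dport> in|out via <iface>
IPFW_LOG_RE = re.compile(
    r"^ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)


def parse_kernel_line(line):
    """Classify one kernel syslog line.

    Returns a dict with a "source" key of "log_in_vain" or "ipfw" plus the
    address/port fields, or None for lines that are neither.  "iface" is
    None for log_in_vain records, since that message never carries one.
    """
    m = SYSLOG_PREFIX_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    for source, pattern in (("log_in_vain", LOG_IN_VAIN_RE), ("ipfw", IPFW_LOG_RE)):
        hit = pattern.match(msg)
        if hit:
            rec = hit.groupdict()
            rec["source"] = source
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            rec.setdefault("iface", None)
            return rec
    return None


def summarize(lines):
    """Aggregate a batch of lines into what a firewall admin wants to see:
    how many of each message kind, which local ports were hit with no
    listener, and which interfaces the ipfw log entries name."""
    counts = {"log_in_vain": 0, "ipfw": 0, "other": 0}
    unlistened_ports = set()   # (proto, dport) pairs from log_in_vain
    ifaces = set()             # interfaces seen in ipfw log lines
    for line in lines:
        rec = parse_kernel_line(line)
        if rec is None:
            counts["other"] += 1
            continue
        counts[rec["source"]] += 1
        if rec["source"] == "log_in_vain":
            unlistened_ports.add((rec["proto"], rec["dport"]))
        else:
            ifaces.add(rec["iface"])
    return {"counts": counts, "unlistened_ports": unlistened_ports, "ifaces": ifaces}


# Constructed sample: the first two lines are the ones quoted in the thread,
# the ipfw lines are made up in the format assumed above.
SAMPLE_LOG = """\
Feb 21 16:13:56 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2187
Feb 21 16:13:57 unicorn /kernel: Connection attempt to TCP 44.133.228.2:6000 from 44.133.228.5:2188
Feb 21 16:14:02 unicorn /kernel: ipfw: 100 Accept TCP 44.133.228.5:2189 44.133.228.2:22 in via ed0
Feb 21 16:14:05 unicorn /kernel: ipfw: 65535 Deny UDP 10.0.0.9:5353 44.133.228.2:5353 in via ed0
"""

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(parse_kernel_line(entry))
    print(summarize(SAMPLE_LOG.splitlines()))
```

Running it on a real /var/log/messages turns the question in the thread into a quick check: a host whose summary shows only log_in_vain records and an empty interface set has a firewall that is passing the traffic, and the missing listener (here, nothing on TCP port 6000) is the thing to look at, not the ipfw rules. If you need the interface in the log, that only comes from adding "log" to the matching ipfw rule.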