Date: Tue, 13 Jun 2000 07:20:41 -0400 (EDT)
From: Greg Hormann <ghormann@alumni.indiana.edu>
To: Scott Campbell <scampbel@gvpl.victoria.bc.ca>
Cc: security@freebsd.org
Subject: Re: Setting up simple firewall with ipfw
Message-ID: <Pine.BSF.4.05.10006130719290.4597-100000@hormann.tzo.cc>
In-Reply-To: <Pine.BSF.4.05.10006120937430.11089-100000@pochta.gvpl.victoria.bc.ca>
I'm an idiot. I screwed up /etc/syslogd.conf. Once I fixed that things
started working fine.

Thanks.

Greg.

On Mon, 12 Jun 2000, Scott Campbell wrote:

> On Sat, 10 Jun 2000, Greg Hormann wrote:
>
> > 2) I can't get logging working to help me troubleshoot my problems.
> > (IPFIREWALL_VERBOSE is in the kernel.) -- It may work, and I don't know
> > where to look for it. It doesn't appear on the console, and after looking
> > at the man page, I still couldn't figure it out.
> >
> > sysctl net.inet.ip.fw returns:
> >
> > net.inet.ip.fw.enable: 1
> > net.inet.ip.fw.one_pass: 1
> > net.inet.ip.fw.debug: 1
> > net.inet.ip.fw.verbose: 1
> > net.inet.ip.fw.verbose_limit: 0 *********Probably the problem*****
> > net.inet.ip.fw.dyn_buckets: 256
> > net.inet.ip.fw.curr_dyn_buckets: 256
> > net.inet.ip.fw.dyn_count: 0
> > net.inet.ip.fw.dyn_max: 1000
> > net.inet.ip.fw.dyn_ack_lifetime: 300
> > net.inet.ip.fw.dyn_syn_lifetime: 20
> > net.inet.ip.fw.dyn_fin_lifetime: 20
> > net.inet.ip.fw.dyn_rst_lifetime: 5
> > net.inet.ip.fw.dyn_short_lifetime: 5
> >
>
> It sounds like your other problems are being dealt with by the group but I
> thought I would let you know about logging.
>
> In the kernel setup do you have a
>
> option IPFIREWALL_VERBOSE_LIMIT=???
>
> line? I use 500 just so I don't get flooded when I turn it on. It (ipfw
> man pg/LINT) doesn't say you _need_ it but I like to use it. The default
> on the limit is 0 if you don't give it a value. I am not sure if you can
> set this to log forever but I am sure you could work out a system of
> turning your logs each night and resetting the counters if you were so
> inclined.
>
> In syslog.conf you need something like
>
> !ipfw
> *.* /var/log/ipfw.log
>
> then you need to touch /var/log/ipfw.log so that it exists. It won't be
> able to write to the log if the file isn't there.
>
> You then need to write the rule you want to log with the 'log' command,
> i.e.
>
> ipfw add 1400 deny log tcp from any to any 1-1024 via ed0
>
> which it looks like you already do.
>
> Short answer:
> Change your limit and ensure you have the log file set up correctly. Let
> me know if you still can't get it logging and I'll try to help.
>
> Scott E. Campbell
> _______________________________
> Computer Operations
> Greater Victoria Public Library
> Victoria BC CANADA
>
> (250)382-7241 x230
> scampbel@gvpl.victoria.bc.ca
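An added example, written for this archive page and not part of the thread or of FreeBSD's own tooling: a POSIX sh script that checks the three prerequisites Scott lists (the kernel's verbose sysctl, a "!ipfw" block in syslog.conf pointing at the log file, and the log file itself existing) against files you hand it, then summarizes what a rule with "log" wrote. It takes files rather than running sysctl so it works offline; the function names, the host name "gw", the addresses and the log lines are constructed. The script treats verbose_limit 0 as unlimited, which is what ipfw(8) documents, and only reports a non-zero limit; it also surfaces the kernel's "limit N reached on entry RULE" message, because a log that goes quiet may simply have hit that limit (clear it with ipfw resetlog) rather than stopped working, which was the trap in the original sysctl listing.

```sh
#!/bin/sh
# Added example, not from the thread: checks for the three ipfw logging
# prerequisites (kernel verbose sysctl, a "!ipfw" block in syslog.conf,
# an existing log file) plus a summary of what the rules logged.
# Inputs are plain files so this runs offline; on a FreeBSD host pass the
# output of `sysctl net.inet.ip.fw`, /etc/syslog.conf and /var/log/ipfw.log.

# check_ipfw_logging SYSCTL_OUTPUT SYSLOG_CONF LOGFILE  -> 0 if all checks pass
check_ipfw_logging() {
    sysctl_out=$1; syslog_conf=$2; logfile=$3; status=0

    # 1. The kernel only logs when net.inet.ip.fw.verbose is 1. verbose_limit
    #    is reported, not judged: 0 means unlimited, N means each rule stops
    #    logging after N matches until its counter is reset (ipfw resetlog).
    verbose=$(awk -F': ' '$1 == "net.inet.ip.fw.verbose" { print $2 }' "$sysctl_out")
    limit=$(awk -F': ' '$1 == "net.inet.ip.fw.verbose_limit" { print $2 }' "$sysctl_out")
    if [ "$verbose" = "1" ]; then
        echo "ok:   net.inet.ip.fw.verbose=1 (verbose_limit=${limit:-?}, 0 = unlimited)"
    else
        echo "FAIL: net.inet.ip.fw.verbose is '${verbose:-unset}'; the kernel will not log"
        status=1
    fi

    # 2. syslog.conf needs a "!ipfw" program selector followed by a line whose
    #    target is LOGFILE; commented-out lines do not count.
    if awk -v target="$logfile" '
            /^#/ { next }
            /^!/ { prog = $1; sub(/^!/, "", prog); next }
            prog == "ipfw" && NF >= 2 && $NF == target { found = 1 }
            END { exit found ? 0 : 1 }' "$syslog_conf"; then
        echo "ok:   $syslog_conf routes !ipfw messages to $logfile"
    else
        echo "FAIL: no '!ipfw' block writing to $logfile in $syslog_conf"
        status=1
    fi

    # 3. syslogd does not create the file; it must already exist.
    if [ -f "$logfile" ]; then
        echo "ok:   $logfile exists"
    else
        echo "FAIL: $logfile is missing (touch it, then restart syslogd)"
        status=1
    fi
    return $status
}

# summarize_ipfw_log LOGFILE
# Aggregates "ipfw: RULE ACTION PROTO SRC:PORT DST:PORT DIR via IF" kernel lines
# by rule, action, protocol, source address and interface, most frequent first,
# then reports any "limit N reached on entry RULE" line.
summarize_ipfw_log() {
    awk '
        /ipfw: [0-9]+ / {
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") break   # skip syslog prefix
            rule = $(i + 1); action = $(i + 2); proto = $(i + 3)
            src = $(i + 4); sub(/:[0-9]+$/, "", src)              # drop source port
            count[rule " " action " " proto " from " src " via " $NF]++
        }
        END { for (k in count) print count[k] " rule " k }' "$1" | sort -rn
    awk '/ipfw: limit [0-9]+ reached on entry/ {
            print "NOTE: rule " $NF " reached verbose_limit; reset its counter to resume logging"
        }' "$1"
}

# write_sample_inputs DIR: constructed inputs so the script runs offline.
write_sample_inputs() {
    dir=$1
    # sysctl values as posted in the thread (verbose on, limit 0 = unlimited)
    printf '%s\n' 'net.inet.ip.fw.enable: 1' 'net.inet.ip.fw.verbose: 1' \
        'net.inet.ip.fw.verbose_limit: 0' > "$dir/fw.sysctl"
    # syslog.conf with the block from the thread, pointed at the test log file
    printf '%s\n' '*.notice;kern.debug    /var/log/messages' '!ipfw' \
        "*.*    $dir/ipfw.log" > "$dir/syslog.conf"
    # the same file without the block: ipfw messages go wherever kern.* goes
    printf '%s\n' '*.notice;kern.debug    /var/log/messages' > "$dir/syslog.bad.conf"
    # constructed kernel log lines in the ipfw log format
    cat > "$dir/ipfw.log" <<'EOF'
Jun 13 07:20:41 gw /kernel: ipfw: 1400 Deny TCP 10.0.0.5:1034 192.168.1.1:23 in via ed0
Jun 13 07:20:42 gw /kernel: ipfw: 1400 Deny TCP 10.0.0.5:1035 192.168.1.1:22 in via ed0
Jun 13 07:20:44 gw /kernel: ipfw: 1400 Deny TCP 10.0.0.5:1036 192.168.1.1:80 in via ed0
Jun 13 07:21:01 gw /kernel: ipfw: 1400 Deny TCP 10.0.0.9:2048 192.168.1.1:25 in via ed0
Jun 13 07:21:05 gw /kernel: ipfw: 1400 Deny UDP 10.0.0.9:53 192.168.1.1:53 in via ed0
Jun 13 07:21:10 gw /kernel: ipfw: limit 500 reached on entry 1400
EOF
}

# Demo on the constructed inputs.
demo_dir=$(mktemp -d)
write_sample_inputs "$demo_dir"
check_ipfw_logging "$demo_dir/fw.sysctl" "$demo_dir/syslog.conf" "$demo_dir/ipfw.log"
echo "--- with a syslog.conf lacking the !ipfw block (the thread's actual fault):"
check_ipfw_logging "$demo_dir/fw.sysctl" "$demo_dir/syslog.bad.conf" "$demo_dir/ipfw.log" || true
echo "--- what rule 1400 logged:"
summarize_ipfw_log "$demo_dir/ipfw.log"
rm -rf "$demo_dir"
```

On a real host the same two functions take the live files: save "sysctl net.inet.ip.fw" to a file, then run check_ipfw_logging against it, /etc/syslog.conf and /var/log/ipfw.log, and summarize_ipfw_log against the log once traffic has hit the rule. The second check in the demo reproduces the failure mode Greg actually had: everything in the kernel is right, but syslog.conf never routes the "ipfw" program's messages into the file you are watching.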