From owner-freebsd-isp Wed Apr 29 07:36:38 1998
Message-ID: <35473AE9.C42190F2@tdx.co.uk>
Date: Wed, 29 Apr 1998 15:36:25 +0100
From: Karl Pielorz
Organization: TDX
To: isp@FreeBSD.ORG
Subject: IPFW - Diverts, logging and capture...

I have a number of FreeBSD boxes ranging from 2.2.2 through to 3.0-CURRENT...

I run ipfw on most of them (which should log any packets that should have been stopped already by 'up-stream' firewalls - they generate mail when this happens by watching /var/log/messages).

My question is - rather than just junking the packets, is there any way to actually 'capture' the rogue packets? - Or divert them onto another box/port which 'accepts' the connection - and logs all the data / packets it receives?

I guess a lot of this might be solved with ipfw's divert capabilities?

Regards,

Karl Pielorz
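
One way to do the capture asked about above, as an added example that is not part of the original post: a reader for an ipfw divert socket that saves each diverted packet to a pcap file and never reinjects it. The port number, file name, function names and the `IPPROTO_DIVERT` value are assumptions.

```python
import socket
import struct
import time

# Hypothetical port; must match "ipfw add <num> divert 4000 <same match as the old deny rule>".
DIVERT_PORT = 4000
IPPROTO_DIVERT = 258   # assumption: confirm against <netinet/in.h> on the target release
LINKTYPE_RAW = 101     # pcap link type for records that start at the IP header

def pcap_file_header(snaplen=65535):
    """24-byte little-endian pcap global header (format version 2.4)."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_RAW)

def pcap_record(packet, ts):
    """16-byte record header followed by the raw IP packet."""
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(packet), len(packet)) + packet

def summarize(packet):
    """One-line summary of an IPv4 packet, or None if it cannot be parsed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Ports exist only in the first fragment of a TCP (6) or UDP (17) packet.
    if proto in (6, 17) and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return f"proto={proto} {src}:{sport} -> {dst}:{dport} len={len(packet)}"
    return f"proto={proto} {src} -> {dst} len={len(packet)}"

def capture(path="rogue.pcap"):
    """Run as root on the firewall. Packets are read and never written back,
    so they are still dropped, but a copy is kept on disk."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, IPPROTO_DIVERT)
    sock.bind(("0.0.0.0", DIVERT_PORT))
    with open(path, "ab") as out:
        if out.tell() == 0:
            out.write(pcap_file_header())
        while True:
            packet, _ = sock.recvfrom(65535)
            out.write(pcap_record(packet, time.time()))
            out.flush()
            print(summarize(packet))

if __name__ == "__main__":
    capture()
```

The resulting file opens in tcpdump or any other pcap reader. This covers capturing the packets only; accepting the connection on another box is not shown.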