From: Bart Silverstrim
Date: Tue, 12 Sep 2006 16:46:20 -0400
To: Chuck Swiger
Cc: FreeBSD Mailing Lists
Subject: Re: forwarding as a gateway, logging certain traffic

On Sep 12, 2006, at 4:45 PM, Chuck Swiger wrote:

> On Sep 12, 2006, at 1:37 PM, Bart Silverstrim wrote:
>>> Better to use something like:
>>>
>>>   ipfw add 1 log tcp from any to me 25 setup
>>>
>>> If Bart would like to use tcpdump for the same purpose, consider
>>> running something like:
>>>
>>>   tcpdump -nt 'port 25 and (tcp[tcpflags] & tcp-syn != 0)'
>>
>> Maybe my ipfw is old; it kept telling me that "log" is an invalid
>> action.  However, I think I may be able to get the tcpdump idea to
>> work.
>
> There's a kernel option you need to enable for IPFW to do logging.
> If you're kldload'ing the ipfw module, it probably wasn't compiled
> with IPFW_LOGGING or whatever the exact name is.

I had set the verbosity (I think that was the parameter) from googling around earlier, but that doesn't seem to help.  I'm probably missing an option somewhere else.

But you're right...tcpdump will be my friend :-)
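
Added example (not part of the original message or thread): the two commands quoted above do not select the same packets, and this sketch evaluates both conditions on constructed TCP headers to show where they differ. The helper names and sample ports are assumptions; only ports and flags are modelled, not the address check that "me" performs.

```python
import struct

TH_SYN, TH_ACK = 0x02, 0x10  # TCP flag bits; tcp[tcpflags] is header byte 13


def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample, no options)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def parse(hdr):
    """Return (source port, destination port, flags byte) from a TCP header."""
    sport, dport = struct.unpack("!HH", hdr[:4])
    return sport, dport, hdr[13]


def tcpdump_filter(hdr, port=25):
    """'port 25 and (tcp[tcpflags] & tcp-syn != 0)': either port, SYN bit set."""
    sport, dport, flags = parse(hdr)
    return port in (sport, dport) and (flags & TH_SYN) != 0


def ipfw_setup_rule(hdr, port=25):
    """'tcp from any to me 25 setup': destination port 25, SYN set, ACK clear."""
    sport, dport, flags = parse(hdr)
    return dport == port and (flags & (TH_SYN | TH_ACK)) == TH_SYN


# Constructed samples: one inbound SMTP handshake plus unrelated traffic.
SAMPLES = [
    ("client SYN to port 25", tcp_header(40000, 25, TH_SYN)),
    ("server SYN-ACK from port 25", tcp_header(25, 40000, TH_SYN | TH_ACK)),
    ("client ACK to port 25", tcp_header(40000, 25, TH_ACK)),
    ("client SYN to port 80", tcp_header(40001, 80, TH_SYN)),
]


def compare(samples=SAMPLES):
    """Return (label, tcpdump match, ipfw match) for each sample header."""
    return [(label, tcpdump_filter(h), ipfw_setup_rule(h)) for label, h in samples]


if __name__ == "__main__":
    for label, dump, ipfw in compare():
        print(f"{label:30} tcpdump={dump!s:5} ipfw={ipfw}")
```

The tcpdump filter therefore prints two lines per accepted connection (the SYN and the server's SYN-ACK), while the ipfw rule matches once. A filter such as 'dst port 25 and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' narrows tcpdump to the initial SYN only.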