Date: Fri, 01 Oct 2004 08:57:27 -0500 From: Norm Vilmer <norm@etherealconsulting.com> To: Subhro <subhro.kar@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw console messages Message-ID: <415D6247.5080507@etherealconsulting.com> In-Reply-To: <b2807d0404093020533f9d6342@mail.gmail.com> References: <415C2FA7.6010408@etherealconsulting.com> <415C3DD4.3020202@etherealconsulting.com> <b2807d0404093020533f9d6342@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
Subhro wrote: > Could we have a look at the syslof configuration file? > > Regards > S. > > > On Thu, 30 Sep 2004 12:09:40 -0500, Norm Vilmer > <norm@etherealconsulting.com> wrote: > >> >>Norm Vilmer wrote: >> >> >>>I have been running a IPFW firewall on FreeBSD 4.10 for a few weeks >>>now. For some reason a few connection attempts are showing up on the >>>console rather than going to the log file. I can't seem to figure out >>>why. Any ideas? >>> >>>I have tried adding the 'log' key word to every deny statement in my >>>IPFW firewall config file. For the most part all denied packets are >>>logged to /var/log/ipfw.log. But about 3-12 per night are not. These >>>also show up in the security run output email as kernel log messages. >>> >>> >>> >>> >>>_______________________________________________ >>>freebsd-questions@freebsd.org mailing list >>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>To unsubscribe, send any mail to >>>"freebsd-questions-unsubscribe@freebsd.org" >>> >> >>More info: my kernel is compiled with these option: >> >>option TCP_DROP_SYNFIN >>option ICMP_BANDLIM >>option IPFIREWALL >>option IPFIREWALL_VERBOSE >>option IPDIVERT >>option RANDOM_IP_ID >> >> >> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >> > > > > I dont think it is a login problem. I made only one change to the syslog.conf file, I added !ipfw *.* /var/log/ipfw.log Ok, I did an experiment. I added ${cmd} add 10 pass TCP from any to ${oif} where oif is my outside/public ip. Then I attempted an FTP connection to my public ip from another machine. This popped up on the console. Connection attempt to TCP <my public ip>:21 from <my other machine>:3079 flags:0x02 Now I get it <light bulb glowing above my head>, the message on the console are connection attempts that get through the firewall but no service is running on the port. need to look at my ruleshome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?415D6247.5080507>