Re: tlug: ipchains logs and nmap audit

[Jim Tittsler <jwt-tlug@example.com>]

On Sat, Jan 22, 2000 at 07:50:50AM -0500, Subba Rao wrote:
> I have several ipchain rules. One of them is:
> 
> ipchains -A input -i ppp0 -p TCP --destination-port 21 -l -j DENY
> 
> Why are these ipchains not doing any logging?  I do have the -l option
> invoked for logging. The packet is supposed to be denied at the IP level
> and then logged into syslog. When I try to connect from another address to
> the IP address of the ppp0 interface, nothing gets logged. Instead, the
> tcplogd daemon captures it into the log. tcplogd is an application level
> filter and not at IP level.  Why is this ipchains rule (and others) not
> getting logged?

My guess would be that not only is it not being logged, the rule is not
actually active or the packet wouldn't have made it farther up the stack.
Does 'cat /proc/net/ip_fwnames /proc/net/ip_fwchains' suggest your rules
have actually been applied?

> How are you auditing your services on the ppp0 interface? What options in
> ipchains are you using to do the logging?

The -l switch causes a log message which klogd catches and hands off to
syslogd.  You'll want to make sure your /etc/syslogd.conf does whatever
you think appropriate for messages with facility 'kernel' and level 'info'.

-- 
Jim Tittsler, Tokyo   ICQ: 5981586

--------------------------------------------------------------------
Next Nomikai Meeting: February 18 (Fri) 19:00 Tengu TokyoEkiMae
Next Technical Meeting:  March 11 (Sat) 13:00 Temple University Japan
* Topic: TBD
--------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan