Iptables rules problem
menonrr at jmu.edu
Fri Oct 15 01:13:31 UTC 2004
10/14
Hello,
I needed to send my syslog from 192.16.1.10 (firewall/GW) to
192.168.1.3, the logserver. The syslogging worked. But since I
am monitoring all connections going to the internal
network (eth0) from outside, the log was filled with the syslog
connections from the gateway to the logserver.
So I gave 2 rules to help me with that:
To log the syslog traffic (just testing syslog)
#$IPTABLES -A OUTPUT -o eth0 -p udp -s 192.168.1.10/32 --source-port 514 -d 192.168.1.3/32 --destination-port 514 -m limit --limit 15/minute --limit-burst 10 -j LOG --log-prefix "Syslog traffictoTest: " # Log packets going to 192.168.1.0
(Rule I really need to log inbound traffic)
#$IPTABLES -A OUTPUT -o eth0 -p udp --destination-port ! 514 -m limit --limit 1/second --limit-burst 10 -j LOG --log-prefix "Output packetsToTest: " # Log packets entering testnet except udp 514 for syslog
----------------
The Problem:
-----------------
Only the syslog traffic is received. I lost all logging of
inbound traffic.
I would appreciate some help on this.
Thanks.
Menon
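
Added example, not part of the original post: one way to keep the gateway's own syslog datagrams out of the log while still logging every other packet that leaves eth0. The second rule in the post carries `-p udp`, so it can only ever match UDP, and the OUTPUT chain only sees packets the gateway generates itself; forwarded traffic traverses FORWARD. The chain name `LOG_TO_LAN`, the log prefix and the dry-run default are assumptions, and the gateway address is the one used in the post's rule (192.168.1.10).

```shell
#!/bin/sh
# Dry run by default: the commands are printed, not executed.
# To apply them, run as root with IPTABLES=/sbin/iptables (path is an assumption).
IPTABLES="${IPTABLES:-echo iptables}"

GW=192.168.1.10      # gateway address as written in the post's rule
LOGSRV=192.168.1.3   # log server from the post
LAN_IF=eth0          # internal interface from the post

log_rules() {
    # User-defined chain so the exclusion is written once and shared
    # by FORWARD and OUTPUT (chain name is an assumption).
    $IPTABLES -N LOG_TO_LAN

    # 1. Gateway -> log server syslog: leave the chain before LOG is reached.
    #    The source port is not matched, so this holds whatever port
    #    the syslog daemon sends from.
    $IPTABLES -A LOG_TO_LAN -p udp -s "$GW" -d "$LOGSRV" --dport 514 -j RETURN

    # 2. Everything else, any protocol. No -p option here: a rule with
    #    "-p udp --destination-port ! 514" never matches TCP or ICMP.
    $IPTABLES -A LOG_TO_LAN -m limit --limit 1/second --limit-burst 10 \
        -j LOG --log-prefix "ToTestnet: "

    # Packets routed through the gateway traverse FORWARD; packets the
    # gateway generates itself (including its syslog) traverse OUTPUT.
    $IPTABLES -A FORWARD -o "$LAN_IF" -j LOG_TO_LAN
    $IPTABLES -A OUTPUT  -o "$LAN_IF" -j LOG_TO_LAN
}

log_rules
```

The jump rules are appended with `-A`, so they must sit ahead of any ACCEPT or DROP rule in FORWARD and OUTPUT that would otherwise end traversal before the packet is logged.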