
iptables ACCEPT and LOGGING

Status
Not open for further replies.

cjburkha (Programmer), Jul 30, 2004, US
Hi,

I just set up iptables on my network, and I want to make sure it is working the way I expect it to. (Sadly, the way I *expect* most computers to work and the way they *actually* work are usually two completely different things. But that is another problem.)

I have these two rules in my rc.firewall script:
Code:
# Let this one host talk to the time server (UDP 123 both ends); the ACCEPT is terminating.
/sbin/iptables -A FORWARD -p udp -s 192.168.0.50 --sport 123 -d 129.6.15.29 --dport 123 -j ACCEPT
# Everything else from that host goes to the user-defined GREYDROP chain.
/sbin/iptables -A FORWARD -s 192.168.0.50 -j GREYDROP

Basically I let this one machine out of the network to check the time, and that is it. I expect all the other packets to drop. I want to log ACCEPTED packets to test my script. However, it is my understanding that ACCEPT will terminate the "thread", so I can't just put an all-around -j LOG line at the end.

I log dropped packets from this machine, and I am picking up what I would expect, but I want to log packets that make it out of the network from this machine. Can I do that with iptables? Or is that more of a job for tcpdump?

Thanks for your help,

CJB
 
Code:
# -I inserts at the head of FORWARD, so this matches every forwarded packet from the host before the ACCEPT/GREYDROP rules; LOG is non-terminating, so the packet then continues down the chain.
iptables -I FORWARD -s 192.168.0.50 -d 0/0 -j LOG --log-prefix "TIMEBOMB:Passed_Packet"

HTH
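An added example, not code from the thread, that logs only the packets the ACCEPT rule actually passes. The point the question turns on is that ACCEPT is a terminating target but LOG is not: a LOG rule with exactly the same match as the ACCEPT rule, appended directly ahead of it, sees only the NTP packets that are about to be accepted, and the packet then falls through to the ACCEPT. The -I form in the reply above works too, but because it sits at the head of the chain it logs everything forwarded from the host, dropped packets included. The prefix name, the rate limit and the dry-run default (IPT=echo) are my assumptions; the addresses and the GREYDROP chain come from the original post. Note the original rules only cover the outbound direction; replies from the time server need their own rule, which the post does not show.

```shell
#!/bin/sh
# Added example (not from the original thread): log exactly the packets that the
# NTP ACCEPT rule passes. Same match as the ACCEPT rule, target LOG, appended
# directly ahead of it. LOG does not terminate traversal, so the packet then
# hits the ACCEPT rule; everything else from the host still reaches GREYDROP.
#
# IPT defaults to "echo" (dry run: print the commands). Run with
#   IPT=/sbin/iptables sh this_script.sh
# to apply the rules for real.
IPT="${IPT:-echo}"
NTP_CLIENT=192.168.0.50         # from the original post
NTP_SERVER=129.6.15.29          # from the original post
DROP_CHAIN=GREYDROP             # user chain from the original post
LOG_PREFIX="FWD_ACCEPT_NTP: "   # assumed name; iptables allows up to 29 characters

install_forward_rules() {
    # 1. LOG rule: identical match to the ACCEPT rule below. -m limit caps the
    #    logging rate so a chatty client cannot flood syslog (limits are assumed).
    "$IPT" -A FORWARD -p udp -s "$NTP_CLIENT" --sport 123 -d "$NTP_SERVER" --dport 123 \
        -m limit --limit 10/minute --limit-burst 20 \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level info
    # 2. ACCEPT rule, unchanged from the original post.
    "$IPT" -A FORWARD -p udp -s "$NTP_CLIENT" --sport 123 -d "$NTP_SERVER" --dport 123 -j ACCEPT
    # 3. Everything else from the host goes to the drop chain, as before.
    "$IPT" -A FORWARD -s "$NTP_CLIENT" -j "$DROP_CHAIN"
}

# Per-rule packet/byte counters are the quickest check that the LOG and ACCEPT
# rules see the same packets: both counters climb together (the LOG counter
# only lags when the rate limit kicks in).
show_forward_counters() {
    "$IPT" -L FORWARD -v -n -x --line-numbers
}

install_forward_rules
show_forward_counters
```

Once the rules are live, the LOG hits go to the kernel log facility at the level given by --log-level (kern.info here), so grep the prefix in whatever file syslog.conf sends kern.info to, typically /var/log/messages.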
 
Thanks for the reply, I'll try that right now.

CJB
 
Hey, for a similar question: where exactly do the iptables logs reside? I've read the man pages, but it wasn't really clear, and /var/log didn't have anything resembling it.

Or is this a multiple-points question because it implies messing with syslog?

_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
 
Mine end up in /var/log/messages, and yes, syslog.conf controls where they go.
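An added example, not from the thread, for reading the LOG entries back out once you know which file syslog.conf sends them to. The LOG target writes one kernel-log line per hit in the key=value format shown in the constructed sample below; the only field you choose is the --log-prefix, so that is what the filter keys on. The FWD_ACCEPT_NTP: and GREYDROP: prefixes are assumed (the thread does not show its prefixes), and the sample log lines are constructed, not captured.

```shell
#!/bin/sh
# Added example (not from the original thread): read iptables LOG entries back
# out of the syslog file. LOG writes to the kernel log facility; syslog.conf
# picks the file (commonly /var/log/messages). The only field you control is
# --log-prefix, so filter on it.

# Print "PREFIX SRC DST PROTO SPT DPT", one line per kernel log entry carrying PREFIX.
# usage: extract_fw_log 'FWD_ACCEPT_NTP:' < /var/log/messages
extract_fw_log() {
    awk -v pfx="$1" '
        index($0, "kernel:") && index($0, pfx) {
            src = dst = proto = spt = dpt = "-"
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, "=")
                if (n < 2) continue             # tokens like DF or SYN carry no value
                if (kv[1] == "SRC")        src   = kv[2]
                else if (kv[1] == "DST")   dst   = kv[2]
                else if (kv[1] == "PROTO") proto = kv[2]
                else if (kv[1] == "SPT")   spt   = kv[2]
                else if (kv[1] == "DPT")   dpt   = kv[2]
            }
            print pfx, src, dst, proto, spt, dpt
        }'
}

# Number of LOG entries carrying PREFIX.
count_fw_log() {
    extract_fw_log "$1" | wc -l | tr -d ' '
}

# Constructed sample of what syslog writes for the rules in this thread
# (prefixes assumed; the non-iptables lines are there to show they are ignored).
sample_log() {
    cat <<'EOF'
Jul 30 12:00:01 gw kernel: FWD_ACCEPT_NTP: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=129.6.15.29 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Jul 30 12:00:05 gw kernel: GREYDROP: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1234 DF PROTO=TCP SPT=33000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 30 12:00:07 gw kernel: eth0: link up
Jul 30 12:00:09 gw sshd[812]: Accepted publickey for user from 192.168.0.50 port 40000 ssh2
Jul 30 12:16:01 gw kernel: FWD_ACCEPT_NTP: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=129.6.15.29 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
EOF
}

# Stand-alone run: summarize the constructed sample. On a real gateway replace
# sample_log with "cat /var/log/messages" (or whatever file syslog.conf uses).
sample_log | extract_fw_log 'FWD_ACCEPT_NTP:'
echo "accepted NTP packets: $(sample_log | count_fw_log 'FWD_ACCEPT_NTP:')"
echo "dropped packets:      $(sample_log | count_fw_log 'GREYDROP:')"
```

If nothing shows up at all, check that syslog.conf actually routes kern.* (or at least kern.info, the level used by --log-level info) to a file and that syslogd was restarted after any change; the LOG target itself never writes a file.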
 