Mick <michaelkintz...@gmail.com> writes:

>> Jumping up the thread a bit now, after Paul's excellent input.  I see
>> that iptables cmd is known on the OS, but man I really had not wanted
>> to pound my way thru iptables to the point of competency.
>
> Count yourself lucky.  I'd rather have to deal with Linux IP Tables than IOS 
> any time!

Hehe

> Once you access it via telnet, have a look for any log rules in IP Tables 
> (/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.

Yeah I had a look at the lines containing LOG and of course had no
idea of what they meant or how to alter them.

The entire iptables is inlined below... maybe you will know how to alter
them so that ports show up in logs.  That is, only if you are still
patient enough to continue.... so far, no one has complained about the
OT thread... but I fear I must be nearing the end of your patient
willingness to continue, if not the list's willingness to allow my OT
thread.

-------        ---------       ---=---       ---------      -------- 
There are only 4 instances of LOG in the tables.  But I wonder if it might
just be an increase in log level that is required.

I wanted to try that out, but was a bit chicken, thinking I'd destroy
whatever setup there is that invokes the iptable rules.

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:23
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:4500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:500
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABL
INPUT_UDP  udp  --  0.0.0.0/0            0.0.0.0/0
INPUT_TCP  tcp  --  0.0.0.0/0            0.0.0.0/0
DOS        icmp --  0.0.0.0/0            0.0.0.0/0          icmp type 8
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination
ip_filter  all  --  0.0.0.0/0            0.0.0.0/0
POLICY     icmp --  0.0.0.0/0            0.0.0.0/0
POLICY     udp  --  0.0.0.0/0            0.0.0.0/0
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02
POLICY     tcp  --  0.0.0.0/0            0.0.0.0/0
TREND_MICRO  tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:80 http me
DMZ_PASS   all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABL
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state NEW
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
DROP       icmp --  0.0.0.0/0            0.0.0.0/0          state INVALID

Chain BLOCK (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain DMZ_PASS (1 references)
target     prot opt source               destination

Chain DOS (6 references)
target     prot opt source               destination
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0          limit: avg 200/sec b
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABL
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0          limit: avg 200/sec b
RETURN     icmp --  0.0.0.0/0            0.0.0.0/0          icmp type 8 limit: a
LOG        all  --  0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec bu
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_TCP (1 references)
target     prot opt source               destination
DOS        tcp  --  0.0.0.0/0            0.0.0.0/0          state INVALID,NEW tc
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_UDP (1 references)
target     prot opt source               destination
DOS        udp  --  0.0.0.0/0            0.0.0.0/0
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0

Chain HTTP (0 references)
target     prot opt source               destination

Chain INPUT_TCP (1 references)
target     prot opt source               destination
SCAN       all  --  0.0.0.0/0            0.0.0.0/0          psd weight-threshold
DOS        tcp  --  0.0.0.0/0            0.0.0.0/0          state INVALID,NEW tc
ACCEPT     tcp  --  0.0.0.0/0            192.168.0.20       tcp dpt:30443
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          multiport dports 23,
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0

Chain INPUT_UDP (1 references)
target     prot opt source               destination
SCAN       all  --  0.0.0.0/0            0.0.0.0/0          psd weight-threshold
DOS        udp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  68.87.72.13          0.0.0.0/0          udp spt:67 dpt:68
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0

Chain POLICY (3 references)
target     prot opt source               destination
PORT_FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain PORT_FORWARD (1 references)
target     prot opt source               destination
DOS        icmp --  0.0.0.0/0            0.0.0.0/0          icmp type 8
FORWARD_TCP  tcp  --  0.0.0.0/0            0.0.0.0/0
FORWARD_UDP  udp  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain SCAN (2 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec bu
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain TREND_MICRO (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ip_filter (1 references)
target     prot opt source               destination
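
An added example, not part of the original message: one way to check which LOG rules in a listing like the one above can actually fire, by following jump targets from the built-in chains (a chain shown with "0 references" is never entered). It assumes the plain `iptables -L -n` column layout without `-v`; the sample listing is constructed and the function names are hypothetical.

```python
# Constructed sample in `iptables -L -n` layout, loosely modelled on the
# listing above; it is not the device's rule set.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
INPUT_TCP  tcp  --  0.0.0.0/0            0.0.0.0/0

Chain BLOCK (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain INPUT_TCP (1 references)
target     prot opt source               destination
SCAN       all  --  0.0.0.0/0            0.0.0.0/0
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0

Chain SCAN (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0          limit: avg 5/min burst 5
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""

def parse_chains(listing):
    """Map chain name -> list of (target, rest-of-rule) tuples."""
    chains, current = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = chains.setdefault(line.split()[1], [])
        elif current is not None and line.strip() and not line.startswith("target "):
            target, _, rest = line.partition(" ")
            current.append((target, " ".join(rest.split())))
    return chains

def log_rules(listing, roots=("INPUT", "FORWARD", "OUTPUT")):
    """Return (chain, reachable_from_builtin, rule_text) for every LOG rule."""
    chains = parse_chains(listing)
    seen, todo = set(), [r for r in roots if r in chains]
    while todo:                       # walk jump targets from built-in chains
        name = todo.pop()
        if name not in seen:
            seen.add(name)
            todo += [t for t, _ in chains[name] if t in chains]
    return [(c, c in seen, rest) for c, rules in chains.items()
            for t, rest in rules if t == "LOG"]

if __name__ == "__main__":
    for chain, reachable, rule in log_rules(SAMPLE):
        print(f"{chain:10} reachable={reachable!s:5} {rule}")
```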

