
ipf/ipnat logging has stopped



Greetings.

I managed to get my firewall/NAT set up without too much hassle about a
month ago. Everything seemed about right; I noticed three attacks within
fifteen minutes of installing my cable modem. All were repelled nicely.
:)

However, ipf stopped logging packets on Sep 14, and I rather miss the
logs. I don't recall changing anything, though it was probably about
that time I set up anon ftp. I had to poke a hole for that to work...

I've tried several things, including changing the log level for local0
to * in syslogd.conf, and I've tried restarting ipf, to no avail. I
haven't tried rebooting yet. (No monitor, no keyboard; I am reluctant to
do something that may cause it to break worse... :)

I've tried to do things to make it log some packets, such as "telnet IP
<port I know is open>" from machines on the internet... that didn't
update the log files either... (Though it did prevent the connections,
which is what I am really after, I think...)

Has anyone seen something similar, so they can point me towards (what is
probably obvious) a solution? Guesses? (Your guesses are better than
mine, which have all failed... :)

Thanks




$ cat /etc/ipf.rules                                                           
#       $OpenBSD: ipf.rules,v 1.6 1997/11/04 08:39:32 deraadt Exp $
#
# IP filtering rules.  See the ipf(5) man page for more
# information on the format of this file, and /usr/share/ipf
# for example configuration files.
#
# Pass all packets by default.
# edit the ipfilter= line in /etc/rc.conf to enable IP filtering
#

pass out quick on lo0
pass in quick on lo0

block in log quick all with short
block in log quick on xl1 proto icmp from any to any icmp-type redir
block in log quick on xl1 from any to any with ipopts

block in log quick on xl1 from 192.168.0.0/16 to any
block in log quick on xl1 from 176.16.0.0/12 to any
block in log quick on xl1 from 127.0.0.0/8 to any
block in log quick on xl1 from 10.0.0.0/8 to any
block in log quick on xl1 from 0.0.0.0/32 to any
block in log quick on xl1 from 255.255.255.255/32 to any

#block out log quick on xl1 from 192.168.0.0/16 to any
block out log quick on xl1 from 176.16.0.0/12 to any
block out log quick on xl1 from 10.0.0.0/8 to any
block out log quick on xl1 from 0.0.0.0/32 to any
block out log quick on xl1 from 255.255.255.255/32 to any

pass in quick on xl1 proto tcp from any to xl1 port = 20 keep state
pass in quick on xl1 proto tcp from any to xl1 port = 21 keep state
block in log quick on xl1 from any to any
pass out proto tcp from any to any keep state
pass out proto udp from any to any keep state

$ cat /etc/ipnat.rules                                                         
# $OpenBSD: ipnat.rules,v 1.2 1999/05/08 16:33:10 jason Exp $
#
# See /usr/share/ipf/nat.1 for examples.
# edit the ipnat= line in /etc/rc.conf to enable Network Address
# Translation

#map ppp0 10.0.0.0/8 -> ppp0/32 portmap tcp/udp 10000:20000
map xl1 192.168.0.0/16 -> xl1/32 portmap tcp/udp 10000:20000
map xl1 192.168.0.0/16 -> xl1/32

map xl1 192.168.0.0/16 -> xl1/32 proxy port ftp ftp/tcp
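
An added example, not part of the original post: a small Python model of how the inbound rules posted above are evaluated (last match wins, `quick` stops at the first match), to show which test connections should produce a log record at all. The parser covers only the rule syntax that appears in the post, treats `to xl1` as any destination, and the test addresses are constructed; these are assumptions of the sketch, not ipf's own code.

```python
import ipaddress

# Inbound rules from the /etc/ipf.rules in the post; the "with ..." and
# icmp-type rules are left out because this sketch does not model them.
RULES = """\
block in log quick on xl1 from 192.168.0.0/16 to any
block in log quick on xl1 from 176.16.0.0/12 to any
block in log quick on xl1 from 10.0.0.0/8 to any
pass in quick on xl1 proto tcp from any to xl1 port = 20 keep state
pass in quick on xl1 proto tcp from any to xl1 port = 21 keep state
block in log quick on xl1 from any to any
"""

def parse(line):
    """Parse the subset of ipf rule syntax used above into a dict."""
    t = line.split()
    r = {"action": t[0], "dir": t[1], "log": "log" in t, "quick": "quick" in t,
         "text": line, "iface": None, "proto": None, "src": None, "port": None}
    if "on" in t:
        r["iface"] = t[t.index("on") + 1]
    if "proto" in t:
        r["proto"] = t[t.index("proto") + 1]
    if "from" in t and t[t.index("from") + 1] != "any":
        r["src"] = ipaddress.ip_network(t[t.index("from") + 1])
    if "port" in t:  # only the "port = N" form is handled
        r["port"] = int(t[t.index("port") + 2])
    return r

def decide(rules, direction, iface, proto, src, dport):
    """Return (action, logged, rule text): last match wins, 'quick' stops."""
    result = ("pass", False, "(no rule matched)")
    for r in rules:
        if r["dir"] != direction or r["iface"] not in (None, iface):
            continue
        if r["proto"] not in (None, proto) or r["port"] not in (None, dport):
            continue
        if r["src"] is not None and ipaddress.ip_address(src) not in r["src"]:
            continue
        result = (r["action"], r["log"], r["text"])
        if r["quick"]:
            break
    return result

PARSED = [parse(line) for line in RULES.splitlines() if line.strip()]

if __name__ == "__main__":
    # Constructed test packets: (source address, destination TCP port).
    for src, port in [("203.0.113.9", 23), ("203.0.113.9", 21), ("172.16.5.5", 21)]:
        print(src, port, decide(PARSED, "in", "xl1", "tcp", src, port))
```

A refused connection to a closed port ends at the final `block in log quick` rule, so the ruleset itself asks for a log record; if none reaches the files, the gap is after the filter, in the ipmon and syslogd path. The third packet also shows that a 172.16.0.0/12 source is not caught by the `176.16.0.0/12` rule and reaches the unlogged FTP pass rule.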