Re: turning on verbose logging for iptables?
Dave Price écrivait :
> My hope is that iptable's log output can give me the clue I need to tell
> the other site what they need to open up on their end to get the
> connection to pass thru.
You may just need something like this :
iptables -N LOGIT # special chain to log all except fragments
iptables -A LOGIT -m state --state ESTABLISHED -j RETURN # don't log frags
iptables -A LOGIT -j LOG
iptables -A LOGIT -j RETURN
iptables -I FORWARD -s $sourceIPtoSpy -j LOGIT
iptables -I FORWARD -d $sourceIPtoSpy -j LOGIT
It will not change anything in your firewall rules except it will log
*everything* (except fragments) from that $sourceIPtoSpy.
Cheers, J.C.
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: