Re: which rule dropped the packet?

To: "Peter A. Felvegi" <felvegip@drmatrixbank.hu>
Cc: debian-firewall@lists.debian.org
Subject: Re: which rule dropped the packet?
From: Pulu 'Anau <pulu@afe.to>
Date: Thu, 30 Oct 2003 13:21:11 +1300
Message-id: <[🔎] 1067473271.3fa05977d2301@cafe.afe.to>

Change the log rules to have different prefixes, ie:

iptables -i eth0 -d 192.168.0.0/16 -j LOG --log-prefix "PrivateLanFwd "
iptables -i eth0 -d 192.168.0.0/16 -j DROP

iptables -i eth0 -d 127.0.0.1/16 -j LOG --log-prefix "Localhost "
iptables -i eth0 -d 127.0.0.1/16 -j DROP

Then you'll know.  Sort of annoying to have different rules like that, but, I
only have prefixes for a couple of different tables, and that narrows it down to
a couple of rules which are pretty easy to check by hand.

Pulu


----
Afe.to ANTS
POB 1478
Nuku'alofa, Tonga
Ph: Country code 676 - 27946 or 878-1332
http://www.afe.to
http://svcs.affero.net/rm.php?r=pulu


Quoting "Peter A. Felvegi" <felvegip@drmatrixbank.hu>:

> hello,
> 
>  is there a way to easily find out which fw rule caused the packet to be
> dropped? the fw logs before drops, but the ips and ports are of little
> help.
>  if i forward a port to the lan, it works fine, can reach a local machine
> from outside.  if i forward the same port to another machine on the inet,
> the fw (on the machine that does the port forwarding) drops the packets.
> why could that be?
> 
> 							thanks, p
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 


-------------------------------------------------
This mail sent from Tonga's Premiere Internet Cafe
Visit us online at http://www.cafe.afe.to 
discussions @ http://www.nomoa.com/index.php
generic info @  http://www.tongatapu.net.to

Reply to:

Prev by Date: limiting access thru pptp
Next by Date: my dear
Previous by thread: DNAT - IPtables - route2
Next by thread: my dear
Index(es):
- Date
- Thread