* bridge logging
From: Hurley, Michael @ 2004-03-18 19:11 UTC
To: 'netfilter@lists.netfilter.org'
I've run into an odd snag.
Set up a bridge to protect a box that can't protect itself. Kernel 2.6.0,
iptables 1.2.9. I'm trying to log some client-server interaction, so I
created this rule:
iptables -A FORWARD -s $client -LOG --log-level 7 --log-prefix "IPT CLIENT: "
iptables -A FORWARD -d $client -LOG --log-level 7 --log-prefix "IPT CLIENT: "
FORWARD policy is ACCEPT. There are *no* other rules or chains.
I redirect kern.7 messages into its own log. But no info is getting captured
in there at all. tcpdump sees packets w/ client ip.
What am I doing wrong and how can I log info going over the bridge to/from a
particular ip?
Michael Hurley
Webmaster/SysAdmin
University of Connecticut School of Law
mhurley@law.uconn.edu
(860) 570-5233
* Re: bridge logging
From: Jim Cliver @ 2004-03-18 20:00 UTC
To: Hurley, Michael; +Cc: 'netfilter@lists.netfilter.org'
Hurley, Michael wrote:
> I've run into an odd snag.
> Set up a bridge to protect a box that can't protect itself. Kernel 2.6.0,
> iptables 1.2.9. I'm trying to log some client-server interaction, so I
> created this rule:
>
> iptables -A FORWARD -s $client -LOG --log-level 7 --log-prefix "IPT CLIENT: "
> iptables -A FORWARD -d $client -LOG --log-level 7 --log-prefix "IPT CLIENT: "
>
> FORWARD policy is ACCEPT. There are *no* other rules or chains.
>
> I redirect kern.7 messages into its own log. But no info is getting captured
> in there at all. tcpdump sees packets w/ client ip.
>
> What am I doing wrong and how can I log info going over the bridge to/from a
> particular ip?
>
Hello Michael,
If you are attempting to perform this logging on a layer two (bridging)
device then your logging rules will need to be based upon layer two
addresses and not layer three (IP). A bridge ordinarily does not see
layer three addresses.
Regards,
jim
* Bridge Logging
From: Chris @ 2017-08-11 22:20 UTC
To: netfilter
All,
I'm using 4.4.0-89-generic #112-Ubuntu Kernel.
I've set up a bridge:

bridge name     bridge id               STP enabled     interfaces
br0             8000.00322e111b2        no              enp3s0
                                                        vnet0
Why is it possible to DROP packages from a KVM guest on the host INPUT
chain, but not to LOG them?
I've not loaded any bridge-nf modules. bridge/nf_call_iptables is 0.
- Chris
* Re: Bridge Logging
From: Chris @ 2017-08-12 13:30 UTC
To: netfilter
Chris wrote:
> Why is it possible to DROP packages from a KVM guest on the host INPUT
> chain, but not to LOG them?
> I've not loaded any bridge-nf modules. bridge/nf_call_iptables is 0.
Can't reproduce it anymore, sorry.