* conntrack -E problem
From: Paddie O'Brien @ 2009-04-20 15:01 UTC (permalink / raw)
To: netfilter
Hi,
I asked iptables to log all inbound connection attempts:
iptables -I INPUT 1 -d myipaddress -m state --state NEW -j LOG
I then asked conntrack to report the same events:
conntrack -E --event-mask NEW -d myipaddress
I assumed the above were equivalent, but conntrack
does not report the same events as iptables; it seems
to miss unsuccessful connections.
I'd be grateful if anyone could tell me what's going on...
How can I get conntrack to report everything that iptables
does?
Thanks,
P
* Re: conntrack -E problem
From: Gáspár Lajos @ 2009-04-20 15:20 UTC (permalink / raw)
To: Paddie O'Brien; +Cc: netfilter
Paddie O'Brien wrote:
> it seems to miss unsuccessful connections.
>
Just a question:
Why would you track unsuccessful connections?
If a connection ATTEMPT is unsuccessful then there is no CONNECTION ->
so there is nothing to track....
Or am I wrong??? :D
Swifty
* Re: conntrack -E problem
From: Paddie O'Brien @ 2009-04-20 16:15 UTC (permalink / raw)
To: Gáspár Lajos; +Cc: netfilter
> Just a question:
> Why would you track unsuccessful connections?
> If a connection ATTEMPT is unsuccessful then there is no CONNECTION -> so
> there is nothing to track....
I want to know who on our wireless network at work
is attempting to connect to my machine.
My (shaky) understanding was that with conntrack I would
get a NEW event for any inbound first packet irrespective
of whether it led to the creation of an ESTABLISHED
connection or not.
> Or am I wrong??? :D
* Re: conntrack -E problem
From: Pablo Neira Ayuso @ 2009-04-21 10:56 UTC (permalink / raw)
To: Paddie O'Brien; +Cc: Gáspár Lajos, netfilter
Paddie O'Brien wrote:
>> Just a question:
>> Why would you track unsuccessful connections?
>> If a connection ATTEMPT is unsuccessful then there is no CONNECTION -> so
>> there is nothing to track....
>
> I want to know who on our wireless network at work
> is attempting to connect to my machine.
>
> My (shaky) understanding was that with conntrack I would
> get a NEW event for any inbound first packet irrespective
> of whether it led to the creation of an ESTABLISHED
> connection or not.
No, at least the first packet must successfully go through the whole
firewall code, otherwise it is not logged by the conntrack code.
--
"The honest ones are social misfits" -- Les Luthiers
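The practical consequence of Pablo's answer is that the iptables LOG rule and
conntrack -E are two different event sources: LOG fires for every first packet
that reaches the rule, while conntrack only emits NEW once the entry is
confirmed at the end of the netfilter path, so an attempt that is dropped
later in INPUT is never reported by conntrack. The script below, an added
example that is not part of the thread and not part of iptables or
conntrack-tools, reconciles the two sources to list the attempts that LOG saw
but conntrack never confirmed. The kernel LOG lines and the conntrack -E lines
it parses are constructed samples mimicking the two tools' output formats;
the addresses, ports and interface name are made up.

```python
"""Reconcile iptables LOG lines with conntrack -E NEW events.

Added example, not code from the thread or from conntrack-tools.  The
sample lines below are constructed to mimic the kernel LOG target and
`conntrack -E --event-mask NEW` output; hosts and ports are invented.
"""
import re

# Constructed syslog/dmesg output of the LOG rule from the first post
# (iptables -I INPUT 1 -d 10.0.0.2 -m state --state NEW -j LOG).
# Every inbound first packet that reaches the rule is logged here,
# whether or not a later INPUT rule drops it.
IPTABLES_LOG = """\
kernel: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40000 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=10.0.0.2 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=4713 PROTO=UDP SPT=5353 DPT=53 LEN=12
"""

# Constructed output of `conntrack -E --event-mask NEW -d 10.0.0.2`.
# Only the SSH attempt passed the whole INPUT chain and was confirmed;
# the 445 and 53 attempts were dropped, so conntrack never saw a NEW
# event for them.
CONNTRACK_EVENTS = """\
    [NEW] tcp      6 120 SYN_SENT src=10.0.0.5 dst=10.0.0.2 sport=51234 dport=22 [UNREPLIED] src=10.0.0.2 dst=10.0.0.5 sport=22 dport=51234
"""

# LOG target: "SRC=a DST=b ... PROTO=TCP SPT=x DPT=y"; ICMP has no ports.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<sport>\d+) DPT=(?P<dport>\d+))?"
)
# conntrack -E: "[NEW] tcp 6 120 SYN_SENT src=a dst=b sport=x dport=y ...";
# the first src=/dst= pair is the original direction, which is what the
# LOG rule saw.
CT_RE = re.compile(
    r"\[NEW\] (?P<proto>\w+)\s+\d+ .*?src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: sport=(?P<sport>\d+) dport=(?P<dport>\d+))?"
)


def _key(m):
    """Normalise a match into a comparable 5-tuple (LOG upper-cases PROTO)."""
    return (m["proto"].lower(), m["src"], m["dst"], m["sport"], m["dport"])


def parse_log_attempts(text):
    """All connection attempts the iptables LOG rule recorded, in order."""
    attempts = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            attempts.append(_key(m))
    return attempts


def parse_conntrack_new(text):
    """Set of flows conntrack actually confirmed and reported as NEW."""
    confirmed = set()
    for line in text.splitlines():
        m = CT_RE.search(line)
        if m:
            confirmed.add(_key(m))
    return confirmed


def unconfirmed_attempts(log_text, ct_text):
    """Attempts LOG saw but conntrack never confirmed: the 'missing' events
    from the first post, i.e. first packets dropped before confirmation."""
    confirmed = parse_conntrack_new(ct_text)
    return [k for k in parse_log_attempts(log_text) if k not in confirmed]


if __name__ == "__main__":
    for proto, src, dst, sport, dport in unconfirmed_attempts(IPTABLES_LOG, CONNTRACK_EVENTS):
        print(f"unconfirmed {proto} {src}:{sport} -> {dst}:{dport}")
```

Run against real data by feeding it the kernel log (dmesg or the syslog file
the LOG target writes to) and a capture of conntrack -E --event-mask NEW for
the same window; the difference is exactly the set of attempts the original
poster found conntrack missing, and the LOG rule (or NFLOG/ulogd in its
place) remains the source to keep for them.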