Linux Netfilter discussions
From: Jim Cliver <jclive@mtaonline.net>
To: "Hurley, Michael" <MHurley@law.uconn.edu>
Cc: "'netfilter@lists.netfilter.org'" <netfilter@lists.netfilter.org>
Subject: Re: bridge logging
Date: Thu, 18 Mar 2004 11:00:05 -0900
Message-ID: <4059FFC5.5040008@mtaonline.net>
In-Reply-To: <AD8D39C727CBD411BB2C0090273A727408F9F09C@mortimer.law.uconn.edu>

Hurley, Michael wrote:

> I've run into an odd snag. 
> Set up a bridge to protect a box that can't protect itself. Kernel 2.6.0,
> iptables 1.2.9. I'm trying to log some client-server interaction, so I
> created this rule:
> 
> iptables -A FORWARD -s $client -j LOG --log-level 7 --log-prefix "IPT CLIENT: "
> iptables -A FORWARD -d $client -j LOG --log-level 7 --log-prefix "IPT CLIENT: "
> 
> FORWARD policy is ACCEPT. There are *no* other rules or chains.
> 
> I redirect kern.7 messages into its own log. But no info is getting captured
> in there at all. tcpdump sees packets w/ client ip. 
> 
> What am I doing wrong and how can I log info going over the bridge to/from a
> particular ip?
> 
Hello Michael,

If you are attempting to perform this logging on a layer two (bridging) 
device then your logging rules will need to be based upon layer two 
addresses and not layer three (IP).  A bridge ordinarily does not see 
layer three addresses.

Regards,
jim


> 
> 
> /***************************************     .-"""-.
> Michael Hurley                              '       \ 
> Webmaster/SysAdmin                         |,.  ,-.  |
> University of Connecticut School of Law    |()L( ()| |
> mhurley@law.uconn.edu                      |,'  `".| |
> (860) 570-5233                             |.___.',| `
> ***************************************/  .j `--"' `  `.
>                                          / '        '   \
>                                         / /          `   `.
>                                        / /            `    .
>                                       / /              l   |
>                                      . ,               |   |
>                                      ,"`.             .|   |
>                                   _.'   ``.          | `..-'l
>                                  |       `.`,        |      `.
>                                  |         `.    __.j         )
>                                  |__        |--""___|      ,-'
>                                     `"--...,+""""   `._,.-' mh
> 
> 



