* FTP connection track @ 2004-09-16 20:07 Krystian 2004-09-16 20:16 ` Jason Opperisano 0 siblings, 1 reply; 4+ messages in thread From: Krystian @ 2004-09-16 20:07 UTC (permalink / raw) To: netfilter hi i have a problem and would like to ask how you would do it. i have a linux router box. behind is my computer. I would like to track FTP connections so I can priotize them i my QoS. what rules should be applied to my box? Krystian ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FTP connection track 2004-09-16 20:07 FTP connection track Krystian @ 2004-09-16 20:16 ` Jason Opperisano 2004-09-18 17:37 ` Problem with LOG in /var/log/messages yann Conan 0 siblings, 1 reply; 4+ messages in thread From: Jason Opperisano @ 2004-09-16 20:16 UTC (permalink / raw) To: netfilter On Thu, 2004-09-16 at 16:07, Krystian wrote: > hi > > i have a problem and would like to ask how you would do it. > i have a linux router box. behind is my computer. > I would like to track FTP connections so I can priotize them i my QoS. > what rules should be applied to my box? > > Krystian iptables -t mangle -A PREROUTING -m helper --helper ftp \ -j MARK --set-mark 1 queue based on that mark (or the lack thereof). setting up queuing is beyond the scope of this list. more info at: http://lartc.org/howto/index.html -j -- Jason Opperisano <opie@817west.com> ^ permalink raw reply [flat|nested] 4+ messages in thread
* Problem with LOG in /var/log/messages 2004-09-16 20:16 ` Jason Opperisano @ 2004-09-18 17:37 ` yann Conan 2004-09-19 20:04 ` Joel Newkirk 0 siblings, 1 reply; 4+ messages in thread From: yann Conan @ 2004-09-18 17:37 UTC (permalink / raw) To: netfilter Hi all, I done this configuration test with iptables : iptables -P INPUT DROP iptables -A INPUT -j LOG iptables -P OUTPUT DROP iptables -A OUTPUT -j LOG I done this with iptables on a mandrake and on a REDHAT. I try to ping in 127.0.0.1 and after On Mandrake if I do a tail -f /var/log/messages I see the DROP On RedHat it doesn't work. the syslog.conf on RedHat and Mandrake are: *.info;mail.none;;news.none;authpriv.none -/var/log/messages What is the problem or what is the difference about default configuration between Mandrake and redHat? Best Regards, Yann Conan Bordeaux,France Vous manquez d’espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Problem with LOG in /var/log/messages 2004-09-18 17:37 ` Problem with LOG in /var/log/messages yann Conan @ 2004-09-19 20:04 ` Joel Newkirk 0 siblings, 0 replies; 4+ messages in thread From: Joel Newkirk @ 2004-09-19 20:04 UTC (permalink / raw) To: yann Conan; +Cc: netfilter yann Conan wrote: > On Mandrake if I do a tail -f /var/log/messages I see > the DROP > On RedHat it doesn't work. At a guess, there's already some rules in place on the RH box, and you added your LOG rule after them. I've seen that many RH and Fedora installs create a default ruleset, even if told "no firewall" during installation! Try "iptables -vnL" and see if there's other rules already in place, and check the packet & byte counts (first two numbers on each rule's line) to confirm if your LOG rule is actually matching packets. If you have default rules in place (RH likes jumping to a custom chain, like 'lokkit' something) then "iptables -F" to flush rules in filter tables chains, set DROP policies, then "service iptables save" will ensure that this configuration will be restored on reboot. (if your ruleset is not overly complicated, and doesn't depend on 'current' info like dynamic IP changes, you can just save/restore your rules this way pretty damn easily) You can look at the rules that will be restored during startup this way by examining /etc/sysconfig/iptables. Another suggestion is to insert "kern.=debug /var/log/firewall" near the top of /etc/syslog.conf (and restart syslog with "service syslog restart" or a reboot), then add "--log-level 7" to each of your LOG rules. Unless you're running a debug build of a kernel, you should get almost exclusively firewall-LOG entries in that file. Then use "--log-prefix 'SSHin:'" or whatever to aid in identifying LOG entries, where and why they were logged. j > Hi all, > > I done this configuration test with iptables : > iptables -P INPUT DROP > iptables -A INPUT -j LOG > iptables -P OUTPUT DROP > iptables -A OUTPUT -j LOG > > I done this with iptables on a mandrake and on a > REDHAT. > I try to ping in 127.0.0.1 and after > On Mandrake if I do a tail -f /var/log/messages I see > the DROP > On RedHat it doesn't work. > > the syslog.conf on RedHat and Mandrake are: > *.info;mail.none;;news.none;authpriv.none > -/var/log/messages > > What is the problem or what is the difference about > default configuration between Mandrake and redHat? > > Best Regards, > > Yann Conan > Bordeaux,France ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-09-19 20:04 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2004-09-16 20:07 FTP connection track Krystian 2004-09-16 20:16 ` Jason Opperisano 2004-09-18 17:37 ` Problem with LOG in /var/log/messages yann Conan 2004-09-19 20:04 ` Joel Newkirk
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox