This is a discussion on IPTABLES, LOGS TO FILES within the Linux Security forums, part of the System Security and Security Related category.
Hi all...

I need to have a report of all connections that have been made from my internet forwarded host 192.168.0.10.

Basically, I need...

- Host Name
- Host IP
- Port Number

of the machine my local (192.168.0.10) is accessing, and if we can go to the state of the art, I need to store the response of each connection. I mean, if my local net requests www.google.com, my server will save the html response into a file too.

Thank you all!!!

joealey2003@yahoo.com (JoeAley2003) writes:

> Hi all...
>
> I need to have a report of all connections that have been made from
> my internet forwarded host 192.168.0.10.
>
> Basically, I need...
>
> -Host Name
> -Host IP
> -Port Number
>
> of the machine my local (192.168.0.10) is accessing, and if we can go
> to the state of the art, I need to store the response of each connection.
> I mean, if my local net requests www.google.com, my server will save
> the html response into a file too.
>
> Thank you all!!!

tcpdump, ethereal, ngrep, ...

--
Justin Murdock

JoeAley2003 wrote:

> Hi all...
>
> I need to have a report of all connections that have been made from
> my internet forwarded host 192.168.0.10.
>
> Basically, I need...
>
> -Host Name
> -Host IP
> -Port Number
>
> of the machine my local (192.168.0.10) is accessing, and if we can go
> to the state of the art, I need to store the response of each connection.
> I mean, if my local net requests www.google.com, my server will save
> the html response into a file too.
>
> Thank you all!!!

Hi.

I use iptables to log well known "attacks". For example, to log every ping-of-death attack I've got these lines in my iptables configuration script:

    # Port-Scanner Attack
    iptables -N Port_Scann
    iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j Port_Scann
    iptables -A Port_Scann -m limit --limit 10/s -j LOG --log-level info --log-prefix "Port-Scann: "
    iptables -A Port_Scann -j DROP

I create a new chain because I don't just want to log, I also want to drop those packets.

If you just want to log traffic coming from 192.168.0.10 you just need these lines:

    iptables -A FORWARD -s 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
    iptables -A FORWARD -d 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "

With these lines you log all traffic that is forwarded from/for your target host. These logs don't say much to you; you can just see when your user sends/receives packets.

If you want to analyse the traffic better, like you described before (see what sites your user is visiting), you should use a sniffer like Ethereal to filter all the traffic coming for/from the host you want.

I hope this can help you.

Regards,

Nuno Paquete

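The two FORWARD LOG rules in the post above write one kernel log line per packet, each carrying SRC, DST, PROTO and DPT fields. As an added example (not part of the original posts), this parser turns such lines into the per-destination report the first post asks for; the sample lines, the syslog host name `gw` and the optional `resolve` callback are constructed for illustration.

```python
import socket
from collections import Counter

PREFIX = "Anything you want: "  # --log-prefix from the post above
HOST = "192.168.0.10"           # forwarded host from the thread

# Constructed sample syslog lines (documentation addresses, not a real capture).
SAMPLE_LOG = """\
Jul 15 21:03:11 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4411 DF PROTO=TCP SPT=32801 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 15 21:03:11 gw kernel: Anything you want: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=32801 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jul 15 21:03:11 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4412 DF PROTO=TCP SPT=32801 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0
Jul 15 21:03:40 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4460 DF PROTO=TCP SPT=32802 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 15 21:04:02 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=120 DF PROTO=UDP SPT=32770 DPT=53 LEN=51
Jul 15 21:04:09 gw kernel: Port-Scann: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=4000 DPT=22 WINDOW=0 RES=0x00 RST URGP=0
"""

def parse_line(line, prefix=PREFIX):
    """Split one LOG line into (KEY=value fields, bare tokens such as TCP flags)."""
    _, found, rest = line.partition(prefix)
    tokens = rest.split() if found else []  # lines from other rules yield nothing
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return fields, {t for t in tokens if "=" not in t}

def reverse_dns(ip):
    """Optional resolver for the Host Name column (needs network access)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return "-"

def outbound_report(lines, host=HOST, resolve=None):
    """Rows of (name, dst_ip, proto, dst_port, count) for flows opened by host."""
    counts = Counter()
    for line in lines:
        fields, flags = parse_line(line)
        if fields.get("SRC") != host:
            continue  # other prefixes, and replies matched by the -d rule
        proto = fields.get("PROTO", "?")
        # Every packet is logged; count a TCP connection once, on its opening SYN.
        if proto == "TCP" and ("SYN" not in flags or "ACK" in flags):
            continue
        counts[(fields.get("DST", "?"), proto, fields.get("DPT", "-"))] += 1
    return [((resolve(dst) if resolve else "-"), dst, proto, port, n)
            for (dst, proto, port), n in counts.most_common()]

if __name__ == "__main__":
    for row in outbound_report(SAMPLE_LOG.splitlines()):
        print("%-12s %-15s %-4s %-5s %d" % row)
```

Pass `resolve=reverse_dns` to fill the Host Name column by PTR lookup; the response content the first post also asks for is not in these log lines and needs a packet capture tool such as those named in the replies.
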

"Nuno Paquete" <nmp@ispgaya.pt> wrote in message news:40f6e707$0$1766$a729d347@news.telepac.pt...

> JoeAley2003 wrote:
>
> > Hi all...
> >
> > I need to have a report of all connections that have been made from
> > my internet forwarded host 192.168.0.10.
> >
> > Basically, I need...
> >
> > -Host Name
> > -Host IP
> > -Port Number
> >
> > of the machine my local (192.168.0.10) is accessing, and if we can go
> > to the state of the art, I need to store the response of each connection.
> > I mean, if my local net requests www.google.com, my server will save
> > the html response into a file too.
> >
> > Thank you all!!!
>
> Hi.
> I use iptables to log well known "attacks".
> For example, to log every ping-of-death attack I've got these lines in my
> iptables configuration script:
>
> # Port-Scanner Attack
> iptables -N Port_Scann
> iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j Port_Scann
> iptables -A Port_Scann -m limit --limit 10/s -j LOG --log-level info --log-prefix "Port-Scann: "
> iptables -A Port_Scann -j DROP
>
> I create a new chain because I don't just want to log, I also want to drop
> those packets.
> If you just want to log traffic coming from 192.168.0.10 you just need these
> lines:
>
> iptables -A FORWARD -s 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
> iptables -A FORWARD -d 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
>
> With these lines you log all traffic that is forwarded from/for your target
> host.
> These logs don't say much to you; you can just see when your user
> sends/receives packets.
> If you want to analyse the traffic better, like you described before (see
> what sites your user is visiting), you should use a sniffer like Ethereal
> to filter all the traffic coming for/from the host you want.
>
> I hope this can help you.
>
> Regards,
>
> Nuno Paquete

Your scripts are very useful for me. Thank you very much.

--
~ Samba, more than a low cost File and Printer server ~
-- Let us OpenSource --