User manual
Appendix B – System Log 
To log permitted inbound access requests to services hosted on the SG unit, the rule 
should look something like this: 
iptables -I INPUT -j LOG -p tcp --syn -s <X.X.X.X/XX> -d <Y.Y.Y.Y/YY> --dport <Z> --log-prefix <prefix>
This logs any TCP (-p tcp) session initiations (--syn) that arrive from the IP
address/netmask X.X.X.X/XX (-s ...) and are going to Y.Y.Y.Y/YY, destination port Z
(--dport).
For example, to log all inbound access requests from anywhere on the Internet 
(0.0.0.0/0) to the PPTP service (port 1723) on the SG unit (IP address 1.2.3.4): 
iptables -I INPUT -j LOG -p tcp --syn -s 0.0.0.0/0 -d 1.2.3.4 --dport 1723 --log-prefix "Internet PPTP access: "
To find the resultant log entry in the logs, simply search for the prefix, in this instance 
"Internet PPTP access: ". 
If for example site 192.0.1.2 attempted to access the SG unit’s PPTP port, the resultant 
log message would look something like this: 
<12> Jan 24 17:19:17 2000 klogd: Internet PPTP access: IN=eth0 OUT= MAC=00:d0:cf:00:07:03:00:50:bf:20:66:4d:08:00 SRC= DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43470 DF PROTO=TCP SPT=4508 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
Note how OUT is set to nothing. This indicates that the packet was attempting to reach a 
service on the SG unit, rather than attempting to pass through it. 
A very similar scenario occurs for logging access requests that are attempting to pass 
through the SG unit. It merely requires replacing the INPUT keyword with FORWARD. 
Thus, to log permitted inbound requests to services hosted on a server behind the SG 
unit, or outbound requests to services on a public network server, use: 
iptables -I FORWARD -j LOG -p tcp --syn -s <X.X.X.X/XX> -d <Y.Y.Y.Y/YY> --dport <Z> --log-prefix <prefix>
For example, to log all inbound requests from the IP address 5.6.7.8 to the mail server 
(port 25) on the machine flubber on the LAN with address 192.168.1.1: 
iptables -I FORWARD -j LOG -p tcp --syn -s 5.6.7.8/32 -d 192.168.1.1 --dport 25 --log-prefix "Mail for flubber: "
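To go beyond a plain search for the prefix, the following added example (not part of the manual) parses log lines in the format shown above and reports, from the OUT field, whether each packet was addressed to the SG unit or passing through it. The function names and the second sample line are assumptions made for illustration.

```python
import re

# Constructed sample input in the format of the log message shown above.
# Line 1 reuses the manual's PPTP example with SRC set to the site named in
# the text; line 2 (interfaces, TTL, ID, ports) is made up for the FORWARD rule.
SAMPLE_LOG = """\
<12> Jan 24 17:19:17 2000 klogd: Internet PPTP access: IN=eth0 OUT= MAC=00:d0:cf:00:07:03:00:50:bf:20:66:4d:08:00 SRC=192.0.1.2 DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43470 DF PROTO=TCP SPT=4508 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
<12> Jan 24 17:21:03 2000 klogd: Mail for flubber: IN=eth0 OUT=eth1 SRC=5.6.7.8 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=43502 DF PROTO=TCP SPT=4611 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
<12> Jan 24 17:22:40 2000 klogd: some unrelated kernel message
"""

# Everything between "klogd: " and the first "IN=... OUT=" pair is the --log-prefix.
LINE_RE = re.compile(r"klogd: (?P<prefix>.*?)(?P<fields>IN=\S* OUT=.*)$")

def parse_line(line):
    """Return a dict for one netfilter LOG line, or None for other messages."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    entry = {"prefix": m.group("prefix").strip(), "flags": []}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value            # value may be empty, e.g. "OUT="
        else:
            entry["flags"].append(token)  # bare flags such as DF or SYN
    # Empty OUT: aimed at a service on the unit itself (INPUT rule);
    # otherwise the packet was passing through it (FORWARD rule).
    entry["path"] = "to-unit" if entry["OUT"] == "" else "through-unit"
    return entry

def entries_for_prefix(log_text, prefix):
    """All parsed LOG entries whose prefix matches the --log-prefix string."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["prefix"] == prefix.strip()]

if __name__ == "__main__":
    for wanted in ("Internet PPTP access: ", "Mail for flubber: "):
        for e in entries_for_prefix(SAMPLE_LOG, wanted):
            print(e["prefix"], e["path"], e["SRC"], "->", e["DST"], "port", e["DPT"])
```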










