Apologies, I accidentally sent while trying to insert... Doh!

On Friday 14 February 2003 01:49 am, Jean-Christian Imbeault wrote:

> I've written my first set of iptable rules but they're still buggy =)
> I keep locking myself out. So I'm trying to enable logging to see why
> I can't SSH to my box but I can't seem to get logging to work.
>
> I have set the default policy to DROP and added only ACCEPT rules, so
> nothing gets DROPPED or REJECTED before making it to the last (logging)
> rule. The last rule should LOG anything that didn't match ... but I
> can't find any iptables entries in /var/log/messages ...
>
> Two questions:
>
> #1 why isn't logging working

See below.

> #2 What is wrong with my rules :)

> I don't control the Firewall. But its settings are fine I think since
> I can connect from JC <-> LINUX just fine. But if I try my iptable
> rules I lock myself out.
>
>     LAN ---- FIREWALL ---- WAN
>      |                      |
>      |                      |
>      JC                   LINUX

Is LINUX the firewall box itself, or another machine on the other side of it from JC? If the latter, are your iptables rules invoked on the firewall, or on LINUX?

Remember that INPUT and OUTPUT are only for traffic to and from the firewall box itself; FORWARD is for traffic going THROUGH from a machine on one side to a machine on the other. If the rules you listed are used on FIREWALL in your diagram, since you don't have any FORWARD rules to ACCEPT anything, then NO communications will be permitted from LAN to WAN or WAN to LAN.

> Yet even when I telnet to my machine I don't see any iptables related
> messages ...

Try "kern.=debug" instead. And you will need to restart the syslogd daemon after changing it, probably with "service syslog restart".

j