10/15

Hello Pete Nesbitt,

Thank you for the response. I am sorry that I did not include the problem details from the earlier mail for reference. Hence please disregard the earlier mail with the same subject.

Clarification: The gateway's external interface is 'eth1'. The internal interface is 'eth0'. Hence your interpretation is right.

a) Log, for testing purposes, all syslog traffic from gateway to logserver going out through *eth0* to inside. Hence the rule is in the OUTPUT chain, as the traffic outputs to *eth0* to reach the internal network.

b) I know the second rule is wrong. I wanted a rule that logs all traffic going to inside through *eth0*, but NOT udp 514 traffic, as it is dealt with in the earlier rule.

Thanks.

Reference:

10/14

Hello,

I needed to send my syslog from 192.16.1.10 (firewall/GW) to 192.168.1.3, the logserver. The syslogging worked. But since I am monitoring all connections going to the internal network (eth0) from outside, the log was filled with the syslog connections from the gateway to the logserver. So I gave 2 rules to help me with that:

To log the syslog traffic (just testing syslog)

#$IPTABLES -A OUTPUT -o eth0 -p udp -s 192.168.1.10/32 --source-port 514 -d 192.168.1.3/32 --destination-port 514 -m limit --limit 15/minute --limit-burst 10 -j LOG --log-prefix "Syslog traffictoTest: "

# Log packets going to 192.168.1.0 (Rule I really need to log inbound traffic)
#$IPTABLES -A OUTPUT -o eth0 -p udp --destination-port ! 514 -m limit --limit 1/second --limit-burst 10 -j LOG --log-prefix "Output packetsToTest: "
# Log packets entering testnet except udp 514 for syslog

----------------
The Problem:
-----------------

Only the syslog traffic is received. I lost all logging of inbound traffic.

I would appreciate some help on this.

Thanks.
Menon
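An added example, not part of the original post: one way to log everything leaving eth0 toward the inside except syslog to the logserver, using a user-defined chain hooked into both OUTPUT (packets generated on the gateway) and FORWARD (packets routed through it). The chain name LOG_INSIDE and the log prefix are assumptions; the script only prints the commands unless IPTABLES is set to the real binary.

```shell
#!/bin/sh
# Dry run by default: commands are printed, not executed.
# Set IPTABLES=/sbin/iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

INSIDE_IF="eth0"          # internal interface, from the post
LOGSERVER="192.168.1.3"   # logserver address, from the post
CHAIN="LOG_INSIDE"        # hypothetical chain name (assumption)

build_log_chain() {
    # A user-defined chain lets one rule exempt syslog and the next log the rest.
    $IPTABLES -N "$CHAIN"

    # 1. Syslog to the logserver: leave the chain before the LOG rule is reached.
    $IPTABLES -A "$CHAIN" -p udp -d "$LOGSERVER" --dport 514 -j RETURN

    # 2. Everything else, any protocol (no -p match): rate-limited LOG.
    #    "-p udp ! --dport 514" would match only UDP and skip TCP and ICMP.
    $IPTABLES -A "$CHAIN" -m limit --limit 1/second --limit-burst 10 \
        -j LOG --log-prefix "ToInside: "

    # OUTPUT sees only packets generated on the gateway itself.
    $IPTABLES -A OUTPUT -o "$INSIDE_IF" -j "$CHAIN"

    # FORWARD sees packets routed through the gateway toward the inside.
    $IPTABLES -A FORWARD -o "$INSIDE_IF" -j "$CHAIN"
}

build_log_chain
```

RETURN and LOG are both non-terminating here, so the chain only adds logging and leaves the accept or drop decision to the rules that follow it.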