Michael,

A mistake on my part.. wasn't trying to hide the internal ip/ports...

per your input... the following is what is listed in the /var/log/messages file (I left out some of the earlier stuff for the sake of brevity)

( iptables --insert INPUT --in-interface eth0 --protocol tcp --destination-port http --jump LOG --log-level info --log-prefix "www in: " )

gets:...
-------------------------------------------------------------------------------
Jan 18 12:58:37 lserver2 iptables: succeeded
Jan 18 12:58:37 lserver2 last message repeated 2 times
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30800 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30802 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=17520 RES=0x00 ACK URGP=0
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=295 TOS=0x00 PREC=0x00 TTL=128 ID=30803 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0
Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30807 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=16646 RES=0x00 ACK URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31368 DF PROTO=TCP SPT=1610 DPT=80 WINDOW=17520 RES=0x00 ACK URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31369 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=16646 RES=0x00 ACK URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31370 DF PROTO=TCP SPT=1610 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Jan 18 14:43:44 lserver2 kernel: www in: IN=eth0 OUT= MAC=00:03:47:63:41:aa:00:c0:4f:02:50:15:08:00 SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31371 DF PROTO=TCP SPT=1611 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
-------------------------------------------------------------------------------

so.. the question is.. do I have something configured incorrectly??

thanks

-bruce

-----Original Message-----
From: psyche-list-admin@redhat.com [mailto:psyche-list-admin@redhat.com] On Behalf Of Michael Schwendt
Sent: Saturday, January 18, 2003 1:27 PM
To: psyche-list@redhat.com
Subject: Re: linux security/network issue....

On Sat, 18 Jan 2003 12:36:28 -0800, Bruce Douglas wrote:

> [root@lserver2 root]# ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:03:47:63:41:AA
> inet addr:192.168.1.52 Bcast:192.168.1.255
> Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500

Raises the question why you wrote "192.222.33.4" in your original posting? ;) There's absolutely no need to not tell your internal IP addresses. It just adds plenty of confusion upon trouble-shooting. Same applies to your router. Originally, you wrote it is at 198.222.33.1, actually it is at 192.168.1.1. All that doesn't help understanding your network configuration.

> the router (Linksys BEFN2PS4) is pretty straightforward to configure for
> the Port Forwarding. And, as I mentioned, everything works when I
> forward the port to a Windows box.

We'll see.

> Is there any way/log file that I could look at which would tell me if
> the linux box sees anything coming from the router???

Type this in, everything on one line:

iptables --insert INPUT --in-interface eth0 --protocol tcp --destination-port http --jump LOG --log-level info --log-prefix "www in: "

With default configuration of syslogd you should see packet filter log messages in /var/log/messages when you access port 80 of your Linux box.

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
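
Added example, not part of the original thread: a small Python parser for the kernel lines written by the LOG rule above, grouping packets by source address and port and reporting which TCP flags reached the INPUT chain. The sample lines are constructed in the thread's log format, and the names `parse_line`, `summarize` and the state labels are hypothetical.

```python
# Flag tokens that the iptables LOG target prints as bare words after RES=.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed sample in the format written by the LOG rule (values illustrative).
_HEAD = ("Jan 18 14:43:29 lserver2 kernel: www in: IN=eth0 OUT= "
         "SRC=192.168.1.3 DST=192.168.1.52 LEN=40 TTL=128 DF PROTO=TCP ")
SAMPLE = "\n".join([
    _HEAD + "SPT=1611 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0",
    _HEAD + "SPT=1611 DPT=80 WINDOW=17520 RES=0x00 ACK URGP=0",
    _HEAD + "SPT=1611 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0",
    _HEAD + "SPT=1611 DPT=80 WINDOW=0 RES=0x00 RST URGP=0",
    _HEAD + "SPT=1700 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0",
    _HEAD + "SPT=1700 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Jan 18 12:58:37 lserver2 iptables: succeeded",
])

def parse_line(line, prefix="www in: "):
    """Return KEY=value fields plus a 'FLAGS' set, or None if the prefix is absent."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields, flags = {}, set()
    for tok in rest.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields

def summarize(text, prefix="www in: "):
    """Map (SRC, SPT) to the packet count and a coarse state for that connection."""
    seen = {}
    for line in text.splitlines():
        pkt = parse_line(line, prefix)
        if not pkt or pkt.get("PROTO") != "TCP" or "SRC" not in pkt or "SPT" not in pkt:
            continue
        conn = seen.setdefault((pkt["SRC"], int(pkt["SPT"])), {"packets": 0, "flags": set()})
        conn["packets"] += 1
        conn["flags"] |= pkt["FLAGS"]
    report = {}
    for key, conn in seen.items():
        if conn["flags"] == {"SYN"}:
            state = "syn-only"      # SYNs arrive, but the client never ACKs a reply
        elif {"SYN", "ACK"} <= conn["flags"]:
            state = "established"   # SYN and the client's ACKs were both logged
        else:
            state = "partial"       # the log starts mid-connection
        report[key] = {"packets": conn["packets"], "state": state}
    return report
```

Because the rule sits in the INPUT chain, only inbound packets are logged; a connection that stays "syn-only" points at the reply path or a later filter rule rather than at the router's forwarding.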