#1
Hi all...
I need to have a report of all connections that have been made from my internet forwarded host 192.168.0.10.

Basically, I need...

-Host Name
-Host IP
-Port Number

of the machine my local (192.168.0.10) is accessing, and if we can go to the state of the art, I need to store the response of each connection. I mean, if my local net requests www.google.com, my server will save the html response into a file too.

Thank you all!!!

JoeAley2003
#2
(E-Mail Removed) (JoeAley2003) writes:
> Hi all...
>
>
> I need to have a report of all connections that have been made from
> my internet forwarded host 192.168.0.10.
>
> Basically, i need...
>
> -Host Name
> -Host IP
> -Port Number
>
> of the machine my local (192.168.0.10) is accessing, and if we can go
> to the state of art, i need to store the response of each connection.
> I mean, if my local net request www.google.com, my server will save
> the html response into a file too.
>
>
> Thank you all!!!

tcpdump, ethereal, ngrep, ...

--
Justin Murdock
#3
JoeAley2003 wrote:
> Hi all...
>
>
> I need to have a report of all connections that have been made from
> my internet forwarded host 192.168.0.10.
>
> Basically, i need...
>
> -Host Name
> -Host IP
> -Port Number
>
> of the machine my local (192.168.0.10) is accessing, and if we can go
> to the state of art, i need to store the response of each connection.
> I mean, if my local net request www.google.com, my server will save
> the html response into a file too.
>
>
> Thank you all!!!

Hi.
I use iptables to log well known "attacks". For example, to log every ping-of-death attack I've got these lines in my iptables' configuration script:

    # Port-Scanner Attack
    iptables -N Port_Scann
    iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j Port_Scann
    iptables -A Port_Scann -m limit --limit 10/s -j LOG --log-level info --log-prefix "Port-Scann: "
    iptables -A Port_Scann -j DROP

I create a new chain because I don't just want to log, I also want to drop those packets.
If you just want to log traffic coming from 192.168.0.10 you just need these lines:

    iptables -A FORWARD -s 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
    iptables -A FORWARD -d 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "

With these lines you log all traffic that is forwarded from/for your target host. These logs don't tell you much; you can just see when your user sends/receives packets.
If you want to analyse the traffic better, like you described before (see what sites your user is visiting), you should use a sniffer like Ethereal to filter all the traffic coming for/from the host you want.

I hope this can help you.

Regards,
Nuno Paquete
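An added example, not part of the thread and not any poster's code: a Python parser that turns the kernel log lines written by FORWARD ... -j LOG rules like the ones in reply #3 into a per-destination report (IP, protocol, port) for 192.168.0.10. The log prefix "FWD-HOST: ", the function names and the sample lines are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines as written by the iptables LOG target.
# "FWD-HOST: " is an assumed --log-prefix; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: FWD-HOST: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4521 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:01 gw kernel: FWD-HOST: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=80 DPT=51514 WINDOW=28960 RES=0x00 ACK SYN URGP=0
Mar  3 10:15:01 gw kernel: FWD-HOST: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4522 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Mar  3 10:15:04 gw kernel: FWD-HOST: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=198.51.100.53 LEN=58 TOS=0x00 PREC=0x00 TTL=63 ID=901 PROTO=UDP SPT=40000 DPT=53 LEN=38
Mar  3 10:15:05 gw kernel: FWD-HOST: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4600 DF PROTO=TCP SPT=51516 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:09 gw kernel: FWD-HOST: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4700 DF PROTO=TCP SPT=51520 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:10 gw kernel: OTHER-RULE: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51600 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix):
    """Return the KEY=value fields of one LOG line, or None if the prefix is absent."""
    _, sep, rest = line.partition(prefix)
    if not sep:
        return None
    fields = dict(FIELD.findall(rest))
    # TCP flags are logged as bare words between RES= and URGP=.
    m = re.search(r"RES=\S+ (.*?)URGP=", rest)
    fields["FLAGS"] = set(m.group(1).split()) if m else set()
    return fields

def outbound_report(log_text, host, prefix="FWD-HOST: "):
    """Count what `host` opened, keyed by (dst_ip, proto, dst_port)."""
    report = Counter()
    for line in log_text.splitlines():
        f = parse_line(line, prefix)
        if f is None or f.get("SRC") != host:
            continue  # other rule, or reply traffic towards the host
        if f.get("PROTO") == "TCP" and ("SYN" not in f["FLAGS"] or "ACK" in f["FLAGS"]):
            continue  # only the initial SYN marks a new TCP connection
        port = int(f["DPT"]) if "DPT" in f else None  # ICMP has no port
        report[(f.get("DST"), f.get("PROTO"), port)] += 1  # UDP: per packet
    return report

if __name__ == "__main__":
    for (dst, proto, port), n in sorted(outbound_report(SAMPLE_LOG, "192.168.0.10").items()):
        print(f"{dst:<16} {proto:<4} {port!s:<6} {n}")
```

Host names can be resolved afterwards from the DST values, for example with socket.gethostbyaddr. Response bodies are not in these logs and need a capture tool such as those named in the replies.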
Tags: files, iptables, logs