Date:      Tue, 12 Sep 2006 13:45:11 -0700
From:      Chuck Swiger <cswiger@mac.com>
To:        Bart Silverstrim <bsilver@chrononomicon.com>
Cc:        FreeBSD Mailing Lists <freebsd-questions@freebsd.org>
Subject:   Re: forwarding as a gateway, logging certain traffic
Message-ID:  <DCD90032-CBF1-45A7-A0FA-EB7B15F1733E@mac.com>
In-Reply-To: <CC7F9A36-1D5B-4064-9E55-7D3A2E36CAB5@chrononomicon.com>
References:  <7269D41C-C334-44DC-9549-ACB28F79014A@chrononomicon.com> <20060912160830.b7a91061.wmoran@collaborativefusion.com> <B7DDE980-7DB8-4AB8-AA85-8FD89638469C@mac.com> <CC7F9A36-1D5B-4064-9E55-7D3A2E36CAB5@chrononomicon.com>

On Sep 12, 2006, at 1:37 PM, Bart Silverstrim wrote:
>> Better to use something like:
>>
>> 	ipfw add 1 log tcp from any to me 25 setup
>>
>> If Bart would like to use tcpdump for the same purpose, consider  
>> running something like:
>>
>> 	tcpdump -nt 'port 25 and (tcp[tcpflags] & tcp-syn != 0)'
>
> Maybe my ipfw is old; it kept telling me that "log" is an invalid  
> action.  However, I think I may be able to get the tcpdump idea to  
> work.

There's a kernel option you need to enable for IPFW to do logging.   
If you're kldload'ing the ipfw module, it probably wasn't compiled  
with IPFW_LOGGING or whatever the exact name is.

Anyway, tcpdump should be your friend.  :-)

-- 
-Chuck
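
Added example (not part of the original message): a Python sketch comparing which TCP packets the quoted tcpdump filter and the quoted ipfw `setup` rule would each match, evaluated over constructed 20-byte TCP headers. It models only the port and flag tests; the `to me` address match and the function names are assumptions of this sketch.

```python
import struct

# TCP flag bits; tcp-syn and tcp-ack in tcpdump carry the same values.
TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10
TCPFLAGS_OFFSET = 13  # tcpdump's "tcpflags" is byte 13 of the TCP header


def tcp_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (no options, checksum zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)


def ports(hdr):
    """Return (source port, destination port)."""
    return struct.unpack("!HH", hdr[:4])


def tcpdump_filter(hdr):
    """port 25 and (tcp[tcpflags] & tcp-syn != 0): either port, any SYN bit."""
    return 25 in ports(hdr) and (hdr[TCPFLAGS_OFFSET] & TCP_SYN) != 0


def ipfw_setup_rule(hdr):
    """'... to me 25 setup': destination port 25, SYN set and ACK clear."""
    flags = hdr[TCPFLAGS_OFFSET]
    return ports(hdr)[1] == 25 and bool(flags & TCP_SYN) and not flags & TCP_ACK


# Constructed sample packets for one SMTP connection plus unrelated traffic.
SAMPLES = {
    "client SYN to port 25": tcp_header(40000, 25, TCP_SYN),
    "server SYN+ACK from port 25": tcp_header(25, 40000, TCP_SYN | TCP_ACK),
    "client ACK to port 25": tcp_header(40000, 25, TCP_ACK),
    "client data to port 25": tcp_header(40000, 25, TCP_PSH | TCP_ACK),
    "client SYN to port 80": tcp_header(40000, 80, TCP_SYN),
}


def compare():
    """Map each sample name to (tcpdump match, ipfw setup match)."""
    return {n: (tcpdump_filter(h), ipfw_setup_rule(h)) for n, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, (td, fw) in compare().items():
        print(f"{name:30} tcpdump={td!s:5} ipfw-setup={fw}")
```

The tcpdump filter as quoted also matches the server's SYN+ACK reply, so it prints two lines per connection where the ipfw rule logs one; a filter such as `dst port 25 and (tcp[tcpflags] & (tcp-syn|tcp-ack) = tcp-syn)` narrows tcpdump to the initial SYN only.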



