Date:      Tue, 12 Sep 2006 16:46:20 -0400
From:      Bart Silverstrim <bsilver@chrononomicon.com>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        FreeBSD Mailing Lists <freebsd-questions@freebsd.org>
Subject:   Re: forwarding as a gateway, logging certain traffic
Message-ID:  <7869C6E1-55F9-4028-AE9B-C0ED8044BA48@chrononomicon.com>
In-Reply-To: <DCD90032-CBF1-45A7-A0FA-EB7B15F1733E@mac.com>
References:  <7269D41C-C334-44DC-9549-ACB28F79014A@chrononomicon.com> <20060912160830.b7a91061.wmoran@collaborativefusion.com> <B7DDE980-7DB8-4AB8-AA85-8FD89638469C@mac.com> <CC7F9A36-1D5B-4064-9E55-7D3A2E36CAB5@chrononomicon.com> <DCD90032-CBF1-45A7-A0FA-EB7B15F1733E@mac.com>


On Sep 12, 2006, at 4:45 PM, Chuck Swiger wrote:

> On Sep 12, 2006, at 1:37 PM, Bart Silverstrim wrote:
>>> Better to use something like:
>>>
>>> 	ipfw add 1 log tcp from any to me 25 setup
>>>
>>> If Bart would like to use tcpdump for the same purpose, consider  
>>> running something like:
>>>
>>> 	tcpdump -nt 'port 25 and (tcp[tcpflags] & tcp-syn != 0)'
>>
>> Maybe my ipfw is old; it kept telling me that "log" is an invalid  
>> action.  However, I think I may be able to get the tcpdump idea to  
>> work.
>
> There's a kernel option you need to enable for IPFW to do logging.   
> If you're kldload'ing the ipfw module, it probably wasn't compiled  
> with IPFW_LOGGING or whatever the exact name is.

I had set the verbosity (I think that was the parameter) from  
googling around earlier, but that doesn't seem to help.  I'm probably  
missing an option somewhere else.

But you're right...tcpdump will be my friend :-)
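
Added example, not part of the original message: a Python script that tallies SMTP connection attempts per source address from the text output of the tcpdump command quoted above. That filter also matches the SYN-ACK replies coming back from port 25, so the parser keeps only pure SYNs addressed to port 25. The two line layouts handled (bracketed "Flags [S]" and the older bare "S") and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Address part of a `tcpdump -nt` IPv4 line; everything after ": " is kept in `rest`.
LINE_RE = re.compile(
    r"^IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
# Newer tcpdump prints "Flags [S]" / "Flags [S.]"; older releases print "S" and a later "ack N".
NEW_FLAGS_RE = re.compile(r"^Flags \[([A-Za-z.]+)\]")
OLD_FLAGS_RE = re.compile(r"^([SFPRWE.]+) ")

def parse_syn(line, port=25):
    """Return (src_ip, dst_ip) for a pure SYN addressed to `port`, else None."""
    m = LINE_RE.match(line.strip())
    if not m or int(m["dport"]) != port:
        return None  # not IPv4/TCP text, or a reply travelling away from the port
    rest = m["rest"]
    new = NEW_FLAGS_RE.match(rest)
    if new:
        flags, has_ack = new.group(1), "." in new.group(1)
    else:
        old = OLD_FLAGS_RE.match(rest)
        if not old:
            return None
        flags, has_ack = old.group(1), re.search(r"\back \d+", rest) is not None
    if "S" not in flags or has_ack:
        return None  # SYN-ACK or a non-SYN segment
    return m["src"], m["dst"]

def tally(lines, port=25):
    """Count connection attempts to `port` per source address."""
    counts = Counter()
    for line in lines:
        hit = parse_syn(line, port)
        if hit:
            counts[hit[0]] += 1
    return counts

# Constructed sample output using documentation addresses, not captured traffic.
SAMPLE = """\
IP 192.0.2.10.51234 > 198.51.100.5.25: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
IP 198.51.100.5.25 > 192.0.2.10.51234: Flags [S.], seq 2000, ack 1001, win 65535, length 0
IP 192.0.2.10.51235 > 198.51.100.5.25: S 3000:3000(0) win 65535 <mss 1460>
IP 198.51.100.5.25 > 192.0.2.10.51235: S 4000:4000(0) ack 3001 win 65535 <mss 1460>
IP 192.0.2.77.40000 > 198.51.100.5.25: Flags [S], seq 5000, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for src, n in tally(SAMPLE).most_common():
        print(f"{src}\t{n}")
```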


