Date:      Wed, 28 Apr 2004 09:34:01 +0200
From:      Remko Lodder <remko@elvandar.org>
To:        dave <dmehler26@woh.rr.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipmon logging as well
Message-ID:  <408F5E69.1070309@elvandar.org>
In-Reply-To: <000201c42cd7$32100d00$0200a8c0@satellite>
References:  <20040427165617.736E016A4EB@hub.freebsd.org> <Pine.LNX.4.56.0404271548360.6243@Mira.dandy.net> <408EC09C.3010407@elvandar.org> <Pine.LNX.4.56.0404271625500.16311@Mira.dandy.net> <408EC59D.3070503@elvandar.org> <000201c42cd7$32100d00$0200a8c0@satellite>

Hey dave,

> does not run ipnat just ipfilter and ipmon. I've got:

This has to be in rc.conf for ipnat:

ipnat_enable="NO"               # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat"     # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
ipnat_flags=""                  # additional flags for ipnat


> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> compiled in to my kernel. And in rc.conf:
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="" (Note, i thought this one was suppose to resolve a problem
> of a duplicate ipfilter startup message, about already being initialized?)
> ipmon_enable="YES"
> ipmon_flags="-D /var/log/ipf.log"
> In the /etc/rc.d/ipfilter script i added ipmon to the end of the require:
> line and in the ipmon script i added ipfilter. On boot i get a message that
> says enabling ipfilter, default = block all, logging = enabled. A little
> later i get the message:

I think that you need to place ipfilter in the ipmon /etc/rc.d file, and 
not ipmon in the ipfilter file. Why? Because it gets started twice now, 
imho. Could you try that?

> Enabling ipfilter
> ioctl(SIOCIPFL6):Invalid argument
> and it does not work.
>     Suggestions welcome, also when i get this working i'd like for newsyslog
> to rotate this log file, but the last time i tried this newsyslog rotated
> the file yet kept the original pointer open and kept logging to the old
> file.

You should add -U

"U       indicates that the file specified by path_to_pid_file
          will contain the id for a process group, instead of a
          process.  This option also requires that the first line
          in that file must be a negative value, to distinguish it
          from a value for a process id."

for example:

/var/log/ipfilter.log                        640  7     *    @T00  U    /path/to/pidfile

(I used /var/log/maillog as an example).

> Thanks.
> Dave.

No problem,
Cheers!

-- 

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the 
hackerscene
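
The rotation problem Dave describes above (newsyslog renames the file, the daemon keeps writing to the old inode) can be reproduced without ipmon at all. The script below is an added example, not code from the thread or from the ipfilter/newsyslog projects: a small stand-in daemon holds its log open on fd 3, appends one entry per SIGUSR1 and reopens the path on SIGHUP, and the driver rotates it the way newsyslog does (rename, then signal the pid named in the pid_file column; SIGHUP is newsyslog's default signal). The stand-in, the SIGUSR1 write trigger and the ack file are assumptions made for the demo; whether the real ipmon reopens its -D log on SIGHUP, and which pid file it writes, is something to confirm in ipmon(8) for the release in use.

```shell
#!/bin/sh
# Added example: why a renamed log keeps receiving writes until the daemon
# reopens it, and what signalling the pid (newsyslog's pid_file column) fixes.
# The "daemon" is a hypothetical stand-in for ipmon -D, not ipmon itself.

# Line count of a file, 0 if it does not exist (tr strips BSD wc padding).
count_lines() {
    if [ -f "$1" ]; then wc -l < "$1" | tr -d ' '; else echo 0; fi
}

# Poll ack file $1 until the stand-in daemon has written state $2 (max ~5 s).
wait_ack() {
    i=0
    while [ "$(cat "$1" 2>/dev/null)" != "$2" ]; do
        i=$((i + 1)); [ "$i" -lt 100 ] || return 1
        sleep 0.05
    done
}

# Start the stand-in daemon: log path $1, ack file $2. Prints its pid.
#   SIGUSR1 -> append "entry N" through the already-open fd 3
#   SIGHUP  -> reopen the log path (what a rotation-aware daemon does)
start_daemon() {
    log=$1; ack=$2
    (
        exec 3>>"$log"
        n=0
        trap 'exec 3>>"$log"; echo reopened > "$ack.tmp" && mv "$ack.tmp" "$ack"' HUP
        trap 'n=$((n + 1)); echo "entry $n" >&3; echo "$n" > "$ack.tmp" && mv "$ack.tmp" "$ack"' USR1
        echo ready > "$ack.tmp" && mv "$ack.tmp" "$ack"   # traps installed, safe to signal
        while :; do sleep 0.05; done
    ) >/dev/null 2>&1 &
    echo $!
}

# Rotate exactly as newsyslog does (rename, then signal) and report where
# each entry ended up. Prints "rotated:<lines in .0> current:<lines in log>".
demo_rotate() {
    dir=$(mktemp -d) || return 1
    log=$dir/ipf.log
    ack=$dir/ack
    pid=$(start_daemon "$log" "$ack")
    wait_ack "$ack" ready || return 1

    kill -USR1 "$pid"; wait_ack "$ack" 1 || return 1        # entry 1 -> ipf.log
    mv "$log" "$log.0"                                       # rotation step 1: rename
    kill -USR1 "$pid"; wait_ack "$ack" 2 || return 1        # entry 2 -> ipf.log.0: the fd follows the inode
    kill -HUP "$pid"; wait_ack "$ack" reopened || return 1  # rotation step 2: signal the pid, daemon reopens
    kill -USR1 "$pid"; wait_ack "$ack" 3 || return 1        # entry 3 -> fresh ipf.log

    kill "$pid" 2>/dev/null; wait "$pid" 2>/dev/null
    rotated=$(count_lines "$log.0")
    current=$(count_lines "$log")
    rm -rf "$dir"
    echo "rotated:$rotated current:$current"
}

demo_rotate
```

Without the SIGHUP step, entry 3 would also land in ipf.log.0 and the "new" ipf.log would never be created: that is the symptom from the original post. The same logic is why the pid_file column in newsyslog.conf matters more than the rotation itself, and why a wrong pid (or a U flag on a file that does not hold a process group id) silently leaves the daemon writing to the rotated file.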



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?408F5E69.1070309>