iptables logging

saavik · 09-10-2007, 07:52 AM

Hello!

I need a PC sitting as a man-in-the-middle logging all the ip-Traffic as we have some strange connection problems.

I tought that I could use a fli4l pc but it does not work.

I would like to have a transperent bridge logging with tcpdump.

Could somebody help ?

I tried:

Quote:

echo "1" > /proc/sys/net/ipv4/ip_forward
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD

I have two eth`s

Quote:

ifconfig
eth0 Link encap:Ethernet HWaddr XXXXXXXXXXXXXXXXX
inet addr:10.99.99.1 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:107643 errors:0 dropped:0 overruns:0 frame:0
TX packets:388 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9516802 (9.0 MiB) TX bytes:34297 (33.4 KiB)
Interrupt:11 Base address:0x2000

eth1 Link encap:Ethernet HWaddr XXXXXXXXXXXXXXXXX
inet addr:10.99.99.2 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3566 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:213960 (208.9 KiB) TX bytes:0 (0.0 B)
Interrupt:5 Base address:0x2080

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:188 errors:0 dropped:0 overruns:0 frame:0
TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:20818 (20.3 KiB) TX bytes:20818 (20.3 KiB)

And I think here is the mistake, isn`t it?
Thanks

acid_kewpie · 09-11-2007, 02:06 AM

what's the mistake? what's going wrong? you don't use ip forwarding on a bridge, only a router. similarily, when bridging you'd use ebtables to interfere with traffic, not iptables.

saavik · 09-11-2007, 02:15 AM

Well the pagages are not forwarded.

pc ---> eth0 Bridge eth1---> pc2

I can not ping pc2 form pc.

But i will take a look at this soon an write more infos.

acid_kewpie · 09-11-2007, 02:25 AM

well there's no bridge configured at all by the look of it... check out the bridging howto.

saavik · 09-11-2007, 02:37 AM

Well, sure, thats true ...
i am just searching for a "advanced network" package für fli4l to create the br0 interface.....

saavik · 09-13-2007, 01:49 AM

So i finally got it working.

It is not to hard installing it with fli4l (which is really great for such a job).

All you need is the advanced_network package.