Hi everybody,
So I know that "iptables not logging" is a pretty frequent post - I've tried to diagnose this ad nauseam, to no avail - so I'm sorry for adding yet one more post about iptables not logging to the internet.
I have a simple server setup - Apache, vsFTPd, and MySQL. I have rigged iptables, successfully, to allow connections to those services and drop all others - I just can't get it to log the dropped, or any other, connections. Syslog-ng is working well, from what I can tell - and my configuration is pretty simple, so I can't figure out what is going on. I would be delighted if somebody can shed some light on my situation. My understanding is that my configuration will log all dropped connections. Here are some relevant commands:
Code:
gentoo / # ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.1.201 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::21c:42ff:fe2a:82c8 prefixlen 64 scopeid 0x20<link>
ether 00:1c:42:2a:82:c8 txqueuelen 1000 (Ethernet)
RX packets 5768 bytes 697118 (680.7 KiB)
RX errors 0 dropped 9 overruns 0 frame 0
TX packets 2504 bytes 438728 (428.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 12 bytes 720 (720.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 720 (720.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
gentoo / # /etc/init.d/syslog-ng restart
* Stopping syslog-ng ... [ ok ]
* Starting syslog-ng ... [ ok ]
gentoo / # /etc/init.d/iptables restart
* WARNING: you are stopping a boot service
* Saving iptables state ... [ ok ]
* Stopping firewall ... [ ok ]
* Loading iptables state and starting firewall ... [ ok ]
gentoo / # iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
14 892 ACCEPT all -- lo any anywhere anywhere
8361 627K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
1 52 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
3 228 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
12 768 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ftp
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:mysql
254 17258 DROP all -- any any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere LOG level warning
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 178 packets, 21032 bytes)
pkts bytes target prot opt in out source destination
gentoo / # tail /var/log/messages
Jan 22 21:02:29 localhost syslog-ng[12756]: syslog-ng starting up; version='3.2.5'
Jan 22 21:02:35 localhost syslog-ng[12756]: Termination requested via signal, terminating;
Jan 22 21:02:35 localhost syslog-ng[12756]: syslog-ng shutting down; version='3.2.5'
Jan 22 21:02:36 localhost syslog-ng[12786]: syslog-ng starting up; version='3.2.5'
Jan 22 21:02:39 localhost /etc/init.d/iptables[12789]: WARNING: you are stopping a boot service
Jan 22 21:05:50 localhost /etc/init.d/iptables[12841]: WARNING: you are stopping a boot service
Jan 22 21:09:23 localhost syslog-ng[12786]: Termination requested via signal, terminating;
Jan 22 21:09:23 localhost syslog-ng[12786]: syslog-ng shutting down; version='3.2.5'
Jan 22 21:09:24 localhost syslog-ng[12937]: syslog-ng starting up; version='3.2.5'
Jan 22 21:09:31 localhost /etc/init.d/iptables[12940]: WARNING: you are stopping a boot service
charles$ telnet 10.0.1.201 81
Trying 10.0.1.201...
telnet: connect to address 10.0.1.201: Operation timed out
telnet: Unable to connect to remote host
(this command is from another machine)
gentoo / # tail /var/log/messages
Jan 22 21:02:35 localhost syslog-ng[12756]: Termination requested via signal, terminating;
Jan 22 21:02:35 localhost syslog-ng[12756]: syslog-ng shutting down; version='3.2.5'
Jan 22 21:02:36 localhost syslog-ng[12786]: syslog-ng starting up; version='3.2.5'
Jan 22 21:02:39 localhost /etc/init.d/iptables[12789]: WARNING: you are stopping a boot service
Jan 22 21:05:50 localhost /etc/init.d/iptables[12841]: WARNING: you are stopping a boot service
Jan 22 21:09:23 localhost syslog-ng[12786]: Termination requested via signal, terminating;
Jan 22 21:09:23 localhost syslog-ng[12786]: syslog-ng shutting down; version='3.2.5'
Jan 22 21:09:24 localhost syslog-ng[12937]: syslog-ng starting up; version='3.2.5'
Jan 22 21:09:31 localhost /etc/init.d/iptables[12940]: WARNING: you are stopping a boot service
Jan 22 21:10:01 localhost cron[12978]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
So here I am just refreshing syslog and iptables, showing my config, then connecting from another machine (actually the same physical machine; my Gentoo install is on a VM with a separate IP address), and showing that /var/log/messages is the same.
I'm so confused - can anybody point me in the right direction?
Thank you very much!
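An added example (not code from the original post) addressing what the listing above shows: in the INPUT chain the unconditional "DROP all" rule sits before the "LOG all" rule, and since DROP is a terminating target the LOG rule can never be reached, which is why its counter stays at 0. LOG is a non-terminating target, so the log rule has to come first and the DROP after it. The script below has two helpers: a checker that reads `iptables -S <chain>` output and reports a LOG rule placed after an unconditional DROP/REJECT in the same chain, and a generator that prints a corrected rule set for the services in the post (ports 80, 22, 21, 3306 are taken from the listing; the "IPT-DROP: " prefix, the rate limit and the log level are my assumptions, not the poster's). Nothing here touches the firewall unless you pipe the generated commands into a root shell.

```shell
#!/bin/sh
# Added example: detect an unreachable iptables LOG rule and print a
# corrected INPUT chain. Not from the original post.

# log_rule_unreachable: reads `iptables -S <chain>` output on stdin.
# Exit status 0 (true) if some chain has a LOG rule after an unconditional
# terminating rule (a rule whose only option is "-j DROP" or "-j REJECT"),
# i.e. a LOG rule that can never match. Exit status 1 otherwise.
# Note: only an unconditional DROP/REJECT is treated as shadowing; a DROP
# with match options only shadows a subset and is not flagged here.
log_rule_unreachable() {
    awk '
        $1 == "-A" {
            chain = $2
            # "-A CHAIN -j DROP": $3 is the target flag, so no match options.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) {
                dead[chain] = 1
            } else if (dead[chain] && $0 ~ /-j LOG/) {
                print "unreachable LOG rule in chain " chain ": " $0
                unreachable = 1
            }
        }
        END { exit unreachable ? 0 : 1 }
    '
}

# emit_input_rules: prints iptables commands that rebuild the INPUT chain
# from the post with the LOG rule placed before the final DROP. Apply with
#   emit_input_rules | sh          (as root, with iptables installed)
# The limit match keeps a port scan from flooding the kernel log; the
# prefix makes the entries easy to grep for. Both are assumed choices.
emit_input_rules() {
    cat <<'EOF'
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: " --log-level 4
iptables -A INPUT -j DROP
EOF
}

# Usage on a live box (not run here):
#   iptables -S INPUT | log_rule_unreachable && echo "fix the rule order"
#   emit_input_rules | sed 's/^iptables //' | log_rule_unreachable  # should be false
```

After reloading, check the counters with `iptables -L INPUT -v -n` (the LOG line should now count packets when you repeat the telnet to port 81) and look in `dmesg` for the "IPT-DROP:" entries. LOG writes to the kernel ring buffer, not directly to syslog, so if the entries show up in `dmesg` but not in /var/log/messages the remaining problem is on the syslog-ng side: its configuration needs a kernel source (on Gentoo's stock syslog-ng.conf that is the `file("/proc/kmsg")` entry in the main source) and a log path that routes the kern facility to that file.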