Hi,
I'm trying to enable firewall logging on Suse 9.3 to diagnose whether I am reaching my server smtp port 25.
I thought I could just go to the 'Logging Level' part of yast firewall configuration, and turn on 'Log All' for both 'Logging Accepted Packets' and 'Logging Not Accepted Packets', then I would get a ton of entries in /var/log/messages, since I thought this catch-all would put it there:
# save the rest in one file
#
*.*;mail.none;news.none -/var/log/messages
But there are no firewall entries at all in /var/log/messages having confirmed the above config. Or in any other /var/log come to that.
Then I tried putting "kern.=debug /var/log/firewall", as per another thread on this site, but there was nothing in that log file either. Restarted syslog after making the change.
The only firewall config I have done is to enable HTTP/(S) Server, IMAP/(S) Server, Mail Server.
My firewall interfaces are set at:
Device │Interface or String│Configured In
<blank> │venet0 │No Zone Assigned
Custom string│any │External Zone
.. Where venet0 is the network interface handling all my IPs on this VPS box.
The firewall is definitely running.. runlevels said so, and I can block up/blow holes in ports with the expected results.
No Masquerading, IPSec, Broadcast either. Really simple config.
Any pointers as to where I could start looking please? I'm stumped.
thanks,
Jon.
Code:
# ------------------------------------------------------------------------
## Path: Network/Firewall/SuSEfirewall2
## Description: SuSEfirewall2 configuration
## Type: string
## Default: any
#
# 2.)
# Which are the interfaces that point to the internet/untrusted
# networks?
FW_DEV_EXT="any"
# 3.)
# Which are the interfaces that point to the internal network?
#
FW_DEV_INT=""
# 4.)
# Which are the interfaces that point to the dmz or dialup network?
FW_DEV_DMZ=""
# 5.)
# Should routing between the internet, dmz and internal network be
# activated?
FW_ROUTE="no"
# 6.)
# Do you want to masquerade internal networks to the outside?
FW_MASQUERADE="no"
# 6a.)
# You must also define on which interfaces to masquerade on. Those
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
#
# 7.)
# Do you want to protect the firewall from the internal network?
FW_PROTECT_FROM_INT="no"
FW_SERVICES_EXT_TCP="10000 1968 4643 http https imap imaps smtp"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_REJECT_EXT="0/0,tcp,113"
FW_SERVICES_ACCEPT_EXT=""
# 10.)
# Which services should be accessible from 'trusted' hosts or nets?
FW_TRUSTED_NETS=""
# 11.)
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
# 13.)
# Which services or networks are allowed to be routed through the
# firewall, no matter which zone they are in?
FW_FORWARD=""
# 14.)
# Which services accessed from the internet should be allowed to masqueraded
FW_FORWARD_MASQ=""
## Type: string
#
# 15.)
# Which accesses to services should be redirected to a local port on
# the firewall machine?
FW_REDIRECT=""
# 16.)
# Which kind of packets should be logged?
#
# When set to "yes", packages that got dropped and are considered
# 'critical' will be logged. Such packets include for example
# spoofed packets, tcp connection requests and certain icmp types.
#
# defaults to "yes" if not set
#
FW_LOG_DROP_CRIT="yes"
## Type: yesno
## Default: no
#
# whether all dropped packets should be logged
#
# Note: for broadcasts to be logged you also need to set
# FW_IGNORE_FW_BROADCAST_* to 'no'
#
# defaults to "no" if not set
#
FW_LOG_DROP_ALL="yes"
## Type: yesno
## Default: yes
#
# When set to "yes", packages that got accepted and are considered
# 'critical' will be logged. Such packets include for example tcp
# connection requests, rpc connection requests, access to high
# udp/tcp port and forwarded pakets.
#
# defaults to "yes" if not set
#
FW_LOG_ACCEPT_CRIT="yes"
## Type: yesno
## Default: no
#
# whether all accepted packets should be logged
#
# Note: setting this to 'yes' causes _LOTS_ of log entries and may
# fill your disk quickly. It also disables FW_LOG_LIMIT
#
# defaults to "no" if not set
#
FW_LOG_ACCEPT_ALL="yes"
## Type: string
#
# How many packets per time unit get logged for each logging rule.
# When empty a default of 3/minute is used to prevent port scans
# flooding your log files. For desktop usage it's a good idea to
# have the limit, if you are using logfile analysis tools however
# you might want to disable it.
#
# Set to 'no' to disable the rate limit. Setting FW_LOG_ACCEPT_ALL
# to 'yes' disables this option as well.
#
# Format: a digit and suffix /second, /minute, /hour or /day
FW_LOG_LIMIT=""
## Type: string
#
# iptables logging option. Must end with --log-prefix and some prefix
# characters
#
# only change this if you know what you are doing!
FW_LOG=""
## Type: yesno
## Default: yes
#
# 17.)
# Do you want to enable additional kernel TCP/IP security features?
FW_KERNEL_SECURITY="yes"
# 18.)
# Keep the routing set on, if the firewall rules are unloaded?
FW_STOP_KEEP_ROUTING_STATE="no"
# 19.)
# Allow the firewall to reply to icmp echo requests
FW_ALLOW_PING_FW="yes"
# 19a.)
# Allow hosts in the dmz to be pinged by internal and external hosts
FW_ALLOW_PING_DMZ="no"
# 19b.)
FW_ALLOW_PING_EXT="no"
##
# END of /etc/sysconfig/SuSEfirewall2
##
# #
#-------------------------------------------------------------------------#
# #
# EXPERT OPTIONS - all others please don't change these! #
# #
#-------------------------------------------------------------------------#
# #
(I didn't!!!)
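
Added example (not part of the original post): a simplified model of classic syslogd selector matching, applied to the two selectors quoted in the post. It assumes the firewall's LOG messages arrive as facility kern at priority warning, the iptables LOG target's default level; the level actually used on this system depends on FW_LOG and is not shown in the post.

```python
# Added example: simplified model of classic syslogd selector matching.
# Priorities are ordered most severe (0) to least severe (7).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
ALL_LEVELS = set(range(len(PRIORITIES)))

def level(name):
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_mask(selector, facility):
    """Return the set of priority levels of `facility` that `selector` logs."""
    mask = set()
    for part in selector.split(";"):
        facilities, _, prio = part.strip().partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue  # this part says nothing about our facility
        negate = prio.startswith("!")
        prio = prio[1:] if negate else prio
        exact = prio.startswith("=")
        prio = prio[1:] if exact else prio
        if prio in ("*", "none"):
            # "*" selects everything, "none" nothing; "!" inverts either.
            mask = set(ALL_LEVELS) if (prio == "*") != negate else set()
            continue
        # "kern.info" means info and anything more severe; "=" means exactly.
        wanted = {level(prio)} if exact else set(range(level(prio) + 1))
        mask = mask - wanted if negate else mask | wanted
    return mask

def is_logged(selector, facility, priority):
    return level(priority) in selector_mask(selector, facility)

# The two selectors quoted in the post.
CATCH_ALL = "*.*;mail.none;news.none"
KERN_DEBUG_ONLY = "kern.=debug"

# Assumption: firewall LOG messages arrive as kern.warning (iptables LOG default).
ASSUMED_FACILITY, ASSUMED_PRIORITY = "kern", "warning"

def report():
    return {sel: is_logged(sel, ASSUMED_FACILITY, ASSUMED_PRIORITY)
            for sel in (CATCH_ALL, KERN_DEBUG_ONLY)}

if __name__ == "__main__":
    for sel, hit in report().items():
        print(f"{sel:28} kern.warning -> {'logged' if hit else 'not logged'}")
```

Under this model the catch-all line matches kern.warning while `kern.=debug` matches only messages logged at exactly debug priority.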