iptables syntax to enable logging

Discussion in 'DD-WRT Firmware' started by dellsweig, Nov 5, 2005.

  1. dellsweig

    dellsweig Network Guru Member

    Greetings

    Loaded up V23 11/04 on my WRT54G and logging no longer functions - either to GUI or syslog

    Way back in the hyperWRT days, I used the following iptables commands to enable logging

    iptables -R INPUT 7 -j logdrop
    iptables -R INPUT 1 -j logdrop -m state --state INVALID

    This syntax no longer works with this Linux version.

    Does anyone know what I can manually enter to get some level of logging running - at least until Brainslayer fixes this bug

    Thanks

    Dan
     
  2. dellsweig

    dellsweig Network Guru Member

    Does ANYONE have logging working on any V23 11/04 build on any G/GS platform??
     
  3. 4Access

    4Access Network Guru Member

    The last few days and through the next 2 weeks are really busy for me but I'll try to find time to test logging tomorrow.

    Update: I just read through the V23 beta 04.11.2005 Bug Reports thread and noticed that there seems to be a lot more bugs than usual... I think I'm going to wait for the next build since I have a feeling something may have gotten goofed up in this release.
     
  4. dellsweig

    dellsweig Network Guru Member

    OK - iptables output for both 11/04 and 10/27 builds.
    10/27 - logging works
    11/04 - logging does not work

    (Notice the different versions of BusyBox - I wonder if that is the problem)

    How about one of you iptables gurus telling us why??




    Here is iptables -L from 11/04 (logging does not work)


    yak login: root
    Password:
    ---------------------------------------------------------------

    DD-WRT build #23
    some code portions OpenWRT and EWRT
    additional thanks to Cesar Gonzales, Toxic,
    Elektik, MBChris, Nbd
    and all the wonderfull supporters of this Project


    http://www.dd-wrt.com

    ---------------------------------------------------------------


    BusyBox v1.01 (2005.11.01-14:52+0000) Built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    ~ # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP udp -- anywhere anywhere udp dpt:route
    DROP udp -- anywhere anywhere udp dpt:route
    ACCEPT udp -- anywhere anywhere udp dpt:route
    ACCEPT tcp -- anywhere 192.168.1.1 tcp dpt:https
    logaccept tcp -- anywhere anywhere tcp dpt:ssh
    logdrop icmp -- anywhere anywhere
    ACCEPT igmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state NEW
    logaccept all -- anywhere anywhere state NEW
    logdrop all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    logdrop all -- anywhere anywhere state INVALID
    TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
    lan2wan all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    logaccept udp -- anywhere BASE-ADDRESS.MCAST.NET/4 udp
    TRIGGER all -- anywhere anywhere TRIGGER type:in match:0 relate:0
    trigger_out all -- anywhere anywhere
    logaccept all -- anywhere anywhere state NEW
    logdrop all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain advgrp_1 (0 references)
    target prot opt source destination

    Chain advgrp_10 (0 references)
    target prot opt source destination

    Chain advgrp_2 (0 references)
    target prot opt source destination

    Chain advgrp_3 (0 references)
    target prot opt source destination

    Chain advgrp_4 (0 references)
    target prot opt source destination

    Chain advgrp_5 (0 references)
    target prot opt source destination

    Chain advgrp_6 (0 references)
    target prot opt source destination

    Chain advgrp_7 (0 references)
    target prot opt source destination

    Chain advgrp_8 (0 references)
    target prot opt source destination

    Chain advgrp_9 (0 references)
    target prot opt source destination

    Chain grp_1 (0 references)
    target prot opt source destination

    Chain grp_10 (0 references)
    target prot opt source destination

    Chain grp_2 (0 references)
    target prot opt source destination

    Chain grp_3 (0 references)
    target prot opt source destination

    Chain grp_4 (0 references)
    target prot opt source destination

    Chain grp_5 (0 references)
    target prot opt source destination

    Chain grp_6 (0 references)
    target prot opt source destination

    Chain grp_7 (0 references)
    target prot opt source destination

    Chain grp_8 (0 references)
    target prot opt source destination

    Chain grp_9 (0 references)
    target prot opt source destination

    Chain lan2wan (1 references)
    target prot opt source destination

    Chain logaccept (4 references)
    target prot opt source destination
    LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
    ACCEPT all -- anywhere anywhere

    Chain logdrop (4 references)
    target prot opt source destination
    LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
    LOG all -- anywhere anywhere state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
    DROP all -- anywhere anywhere

    Chain logreject (0 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `WEBDROP '
    REJECT tcp -- anywhere anywhere tcp reject-with tcp-reset

    Chain trigger_out (1 references)
    target prot opt source destination
    ~ #

    Connection to host lost.

    C:\Documents and Settings\Dan>


    ################################################

    Here is iptables -L from 10/27 build - same configuration - logging works


    yak login: root
    Password:
    ---------------------------------------------------------------

    DD-WRT build #23
    some code portions OpenWRT and EWRT
    additional thanks to Cesar Gonzales, Toxic,
    Elektik, MBChris, Nbd
    and all the wonderfull supporters of this Project


    http://www.dd-wrt.com

    ---------------------------------------------------------------


    BusyBox v1.01 (2005.10.26-16:17+0000) Built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    ~ # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP udp -- anywhere anywhere udp dpt:route
    DROP udp -- anywhere anywhere udp dpt:route
    ACCEPT udp -- anywhere anywhere udp dpt:route
    ACCEPT tcp -- anywhere 192.168.1.1 tcp dpt:https
    logaccept tcp -- anywhere anywhere tcp dpt:ssh
    logdrop icmp -- anywhere anywhere
    ACCEPT igmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state NEW
    logaccept all -- anywhere anywhere state NEW
    logdrop all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    logdrop all -- anywhere anywhere state INVALID
    TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
    lan2wan all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    logaccept udp -- anywhere BASE-ADDRESS.MCAST.NET/4 udp
    TRIGGER all -- anywhere anywhere TRIGGER type:in match:0 relate:0
    trigger_out all -- anywhere anywhere
    logaccept all -- anywhere anywhere state NEW
    logdrop all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain advgrp_1 (0 references)
    target prot opt source destination

    Chain advgrp_10 (0 references)
    target prot opt source destination

    Chain advgrp_2 (0 references)
    target prot opt source destination

    Chain advgrp_3 (0 references)
    target prot opt source destination

    Chain advgrp_4 (0 references)
    target prot opt source destination

    Chain advgrp_5 (0 references)
    target prot opt source destination

    Chain advgrp_6 (0 references)
    target prot opt source destination

    Chain advgrp_7 (0 references)
    target prot opt source destination

    Chain advgrp_8 (0 references)
    target prot opt source destination

    Chain advgrp_9 (0 references)
    target prot opt source destination

    Chain grp_1 (0 references)
    target prot opt source destination

    Chain grp_10 (0 references)
    target prot opt source destination

    Chain grp_2 (0 references)
    target prot opt source destination

    Chain grp_3 (0 references)
    target prot opt source destination

    Chain grp_4 (0 references)
    target prot opt source destination

    Chain grp_5 (0 references)
    target prot opt source destination

    Chain grp_6 (0 references)
    target prot opt source destination

    Chain grp_7 (0 references)
    target prot opt source destination

    Chain grp_8 (0 references)
    target prot opt source destination

    Chain grp_9 (0 references)
    target prot opt source destination

    Chain lan2wan (1 references)
    target prot opt source destination

    Chain logaccept (4 references)
    target prot opt source destination
    LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
    ACCEPT all -- anywhere anywhere

    Chain logdrop (4 references)
    target prot opt source destination
    LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
    LOG all -- anywhere anywhere state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
    DROP all -- anywhere anywhere

    Chain logreject (0 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `WEBDROP '
    REJECT tcp -- anywhere anywhere tcp reject-with tcp-reset

    Chain trigger_out (1 references)
    target prot opt source destination
    ~ #
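
Added example, not part of any post in this thread: one way to compare two saved `iptables -L` captures like the ones posted above while ignoring the login banner and BusyBox build line, and to list which chains hold a LOG target and how many rules reference them. The function names, file names and the shortened sample captures are constructed for illustration.

```shell
# Keep only the chain listing: start at the first "Chain" header, stop at the
# shell prompt, and drop indentation, trailing blanks and empty lines.
rules_only() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^Chain / { in_rules = 1 }
        /^~ #/    { in_rules = 0 }
        in_rules && $0 != "" { print }
    '
}

# True when two capture files list exactly the same chains and rules.
same_rules() {
    [ "$(rules_only < "$1")" = "$(rules_only < "$2")" ]
}

# Print "<chain> <reference count>" for every chain holding a LOG target.
# Wrapped continuation lines are skipped because they do not start with LOG.
log_chains() {
    rules_only | awk '
        /^Chain / { name = $2; refs = $3; sub(/^\(/, "", refs); seen = 0; next }
        $1 == "LOG" && !seen { print name, refs; seen = 1 }
    '
}

# Constructed, shortened captures; the file names are placeholders.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/build_1104.txt" <<'EOF'
    BusyBox v1.01 (2005.11.01-14:52+0000) Built-in shell (ash)
    ~ # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    logdrop all -- anywhere anywhere

    Chain logdrop (4 references)
    target prot opt source destination
    LOG all -- anywhere anywhere state NEW LOG level
    warning tcp-sequence tcp-options ip-options prefix `DROP '
    DROP all -- anywhere anywhere

    Chain logreject (0 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level warning prefix `WEBDROP '
    ~ #
EOF
sed 's/2005\.11\.01-14:52/2005.10.26-16:17/' "$tmp/build_1104.txt" > "$tmp/build_1027.txt"
same_rules "$tmp/build_1104.txt" "$tmp/build_1027.txt" && echo "rule listings match"
log_chains < "$tmp/build_1104.txt"
```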
     