ipfw console messages
Norm Vilmer
norm at etherealconsulting.com
Fri Oct 1 06:57:31 PDT 2004
Subhro wrote:
> Could we have a look at the syslog configuration file?
>
> Regards
> S.
>
>
> On Thu, 30 Sep 2004 12:09:40 -0500, Norm Vilmer
> <norm at etherealconsulting.com> wrote:
>
>>
>>Norm Vilmer wrote:
>>
>>
>>>I have been running an IPFW firewall on FreeBSD 4.10 for a few weeks
>>>now. For some reason a few connection attempts are showing up on the
>>>console rather than going to the log file. I can't seem to figure out
>>>why. Any ideas?
>>>
>>>I have tried adding the 'log' keyword to every deny statement in my
>>>IPFW firewall config file. For the most part all denied packets are
>>>logged to /var/log/ipfw.log. But about 3-12 per night are not. These
>>>also show up in the security run output email as kernel log messages.
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>freebsd-questions at freebsd.org mailing list
>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>To unsubscribe, send any mail to
>>>"freebsd-questions-unsubscribe at freebsd.org"
>>>
>>
>>More info: my kernel is compiled with these options:
>>
>>option TCP_DROP_SYNFIN
>>option ICMP_BANDLIM
>>option IPFIREWALL
>>option IPFIREWALL_VERBOSE
>>option IPDIVERT
>>option RANDOM_IP_ID
>>
>
I don't think it is a login problem. I made only one change to the
syslog.conf file; I added

    !ipfw
    *.* /var/log/ipfw.log

OK, I did an experiment. I added

    ${cmd} add 10 pass TCP from any to ${oif}

where oif is my outside/public IP.
Then I attempted an FTP connection to my public IP from
another machine.
This popped up on the console:

    Connection attempt to TCP <my public ip>:21 from <my other machine>:3079 flags:0x02

Now I get it <light bulb glowing above my head>: the messages on the
console are connection attempts that get through the firewall but no
service is running on the port.

Need to look at my rules.
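
Added example, not part of the original post: a small script that separates the two kinds of kernel message discussed above and counts, per protocol and port, the connection attempts that passed the ruleset but found no listener. It assumes the console lines come from the kernel's log_in_vain reporting (the net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain sysctls, which the post does not name); the sample log lines, addresses and rule number are constructed.

```python
import re
from collections import Counter

# Constructed sample (documentation addresses, made-up rule number); the
# "Connection attempt" lines follow the format quoted in the post.
SAMPLE_LOG = """\
Oct  1 02:11:09 fw /kernel: ipfw: 500 Deny TCP 198.51.100.7:3071 192.0.2.10:135 in via fxp0
Oct  1 02:14:30 fw /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:3079 flags:0x02
Oct  1 02:14:33 fw /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:3079 flags:0x02
Oct  1 03:40:02 fw /kernel: Connection attempt to UDP 192.0.2.10:137 from 203.0.113.5:137
Oct  1 03:41:17 fw /kernel: ipfw: 500 Deny UDP 203.0.113.5:1026 192.0.2.10:1434 in via fxp0
Oct  1 04:02:51 fw sshd[412]: Accepted publickey for admin from 198.51.100.7
"""

# Logged by the TCP/UDP stack (assumed: log_in_vain), not by ipfw, so the
# "!ipfw" program filter in syslog.conf never matches these lines.
IN_VAIN = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>\S+):(?P<dport>\d+) from (?P<src>\S+):(?P<sport>\d+)"
    r"(?: flags:0x(?P<flags>[0-9a-fA-F]+))?")
# Logged by a rule carrying the 'log' keyword.
IPFW = re.compile(r"ipfw: (?P<rule>\d+) (?P<action>\w+) ")

def classify(line):
    """Return (kind, match): 'passed_no_listener', 'ipfw' or 'other'."""
    m = IN_VAIN.search(line)
    if m:
        return "passed_no_listener", m
    m = IPFW.search(line)
    return ("ipfw", m) if m else ("other", None)

def passed_ports(log_text):
    """Count packets the ruleset let through to a closed port, per (proto, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        kind, m = classify(line)
        if kind == "passed_no_listener":
            hits[(m["proto"], int(m["dport"]))] += 1
    return hits

def is_bare_syn(m):
    """True for a TCP attempt whose flags byte is SYN only (0x02)."""
    return m["flags"] is not None and int(m["flags"], 16) == 0x02

if __name__ == "__main__":
    for (proto, port), n in sorted(passed_ports(SAMPLE_LOG).items()):
        print(f"{proto} port {port}: {n} attempt(s) passed the rules, no listener")
```

Each (protocol, port) pair it reports is a port the ruleset currently passes to the host, which is the list to compare against the rules.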