forwarding as a gateway, logging certain traffic
Bart Silverstrim
bsilver at chrononomicon.com
Tue Sep 12 13:43:01 PDT 2006
On Sep 12, 2006, at 4:28 PM, Chuck Swiger wrote:
> On Sep 12, 2006, at 1:08 PM, Bill Moran wrote:
>>> Is there some way to get the FreeBSD system to log machines using
>>> port 25 without interfering with the FreeBSD machine's filtering of
>>> email function? Or at least make the traffic visible to sniffing
>>> with tcpdump or wireshark or ethereal?
>>
>> Off the top of my head ...
>> ipfw add 25 log tcp from any to any 25
>> should work. There are certain kernel configs you have to have in
>> place for logging to work, though.
>
> Better to use something like:
>
> ipfw add 1 log tcp from any to me 25 setup
>
> If Bart would like to use tcpdump for the same purpose, consider
> running something like:
>
> tcpdump -nt 'port 25 and (tcp[tcpflags] & tcp-syn != 0)'
Maybe my ipfw is old; it kept telling me that "log" is an invalid
action. However, I think I may be able to get the tcpdump idea to work.
Thanks!
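
The tcpdump filter quoted above matches any segment with SYN set, so it also prints the SYN-ACK replies coming back from port 25. The following is an added example, not part of the original thread: a shell function that reads `tcpdump -nt` output and counts connection attempts per source host, keeping only packets addressed to port 25. The function names and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally SMTP connection attempts per source host from
# `tcpdump -nt` output read on stdin. Handles both the older flag style
# ("S 200:200(0)") and the newer one ("Flags [S]").
tally_smtp_syn() {
    awk '
        # Lines look like: IP src.port > dst.port: <flags> ...
        ($1 == "IP" || $1 == "IP6") && $3 == ">" {
            src = $2
            dst = $4
            sub(/:$/, "", dst)          # drop the trailing colon
            dport = dst
            sub(/^.*\./, "", dport)     # keep the text after the last dot
            if (dport != "25") next     # skips SYN-ACK replies sent from port 25
            sub(/\.[0-9]+$/, "", src)   # strip the source port
            count[src]++
        }
        END { for (h in count) printf "%d %s\n", count[h], h }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample capture (documentation and private addresses only).
sample_capture() {
cat <<'EOF'
IP 192.168.1.23.49152 > 203.0.113.7.25: Flags [S], seq 100, win 65535, length 0
IP 203.0.113.7.25 > 192.168.1.23.49152: Flags [S.], seq 900, ack 101, win 65535, length 0
IP 192.168.1.23.49153 > 198.51.100.9.25: S 200:200(0) win 65535 <mss 1460>
IP 192.168.1.40.50000 > 203.0.113.7.25: Flags [S], seq 300, win 65535, length 0
EOF
}

# Live use on the gateway (needs root); -c stops after 500 packets so the
# totals are printed:
#   tcpdump -nt -c 500 'port 25 and (tcp[tcpflags] & tcp-syn != 0)' | tally_smtp_syn
sample_capture | tally_smtp_syn
```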