Debian Configuration :: Shorewall (Shoreline?) Firewall Up And Running, But It's Logging To /var/log/messages?
Jan 29, 2011
I've got a Shorewall (Shoreline?) firewall up and running, but it's logging to /var/log/messages. I'd much rather have it logging to another location e.g. /var/log/firewall but can't find (a clear enough) explanation on how to do this. Apparently, it varies greatly depending on the distro, the kernel, and the version of Shorewall that is running. You'd think it would be something as simple as setting a path in a config file, but apparently not. I'm running a stock Lenny kernel on the firewall machine. It comes with version 4.0.15 of Shorewall.
The server I'm running runs Debian Etch, Squid and Shorewall. Every 24 hours the server gets a new internet IP so I need to use dyndns to keep the dns pointing to the correct PC.
I have a webserver that is running behind the Debian server and am having trouble with it. When I enter the web address, it gets a timeout.
I posted a previous topic on bridging, and that didn't seem to work, so I went with Shorewall and I'm trying to set up NAT, but I'm struggling very badly. I have the interfaces configured where eth1 is my local LAN (loc) network, and eth0 connects to my ISP (net). But my problem is that I have no clue how to forward traffic from eth1 to eth0 without using Proxy ARP, which routes all traffic to eth1 and doesn't allow traffic out on itself. I've looked at the NAT tutorials, and they don't make sense to me, because I have two interfaces that I want to be able to talk to each other and the internet at the same time. Is there anyone who's good with Shorewall?
I have my system set up so that the router (DD-WRT) will send its syslog messages to my Linux PC. I am using Shorewall as my firewall. I have two questions: How can I configure Shorewall to allow the messages from my router? If I use my router's IP address to allow the messages to come through the firewall, will this be a great security risk, as anything from the internet can come through on that router IP address?
I have syslog-ng running and a kernel build of 2.6.34.8. I use the syslog API in my program with facility LOG_LOCAL5 and the levels debug, err, crit and info. When I ran on the older syslog facility I had everything logged fine, as I intended. Now I have written these rules into syslog-ng.conf:
I got the Shorewall firewall all set up perfectly, but I'm stuck at one last bit. The aim is to let 2 clients max onto my server. I have the policy set up in Webmin as: [image]. More than 2 clients can get onto the server. The aim is to have it as DDoS protection, allowing 100 clients on and a max burst of 10 clients at a time.
I installed Ubuntu Server and got it set up, and I'm trying to install Shorewall as a firewall, but whenever I do sudo apt-get install shorewall I get a "package not found" error.
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
I think I have encountered a problem in the way that Lucid handles proxy servers. I was having problems running apt-get update due to a firewall at my work. I also noted that I was getting 403 Forbidden for wget. So I went to System -> Preferences -> Network Proxy from my account (which has administrator privileges), input the HTTP address for the proxy server, and then clicked the button to "Apply Systemwide...".
Following that change, wget worked from my account, but whenever I tried to sudo apt-get update, I got the 403 forbidden response again, even though I could wget the same files that apt-get reported as forbidden. I figured that this was a problem with the root account, and so I typed
Code:
However, upon exiting from the root account, and trying to run sudo apt-get update again, I got the 403 forbidden code again!
So, it seems that the proxy settings are not being applied systemwide.
I installed the Firestarter firewall on Debian Squeeze. Now I note there is a GUI available in System -> Administration which apparently does not need to be running all the time; it's not set up to start on boot. When I boot, I notice the boot message has a line saying "Starting Firestarter firewall .... failed". When I am logged in and type "/etc/init.d/firestarter status" as the Firestarter FAQs say, I get "Firestarter is running... ... (warning)". I can run the GUI manually and still get the same message.
I have a small LAN. I am in the process of installing a Debian Lenny/Squeeze system into the LAN. I want to send and receive system messages using rwalld and wall. I can send a system message from my Debian system to another box using rwall. I can send a local message within the Debian box using wall in a console. I cannot send a local message using wall from Konsole in KDE 3.5.x. The KDE Write daemon fails to provide any pop-up window. /usr/bin/wall is installed from the bsdutils package and is set to -rwxr-sr-x.
The ktalkd package is installed. The KDE Control Center shows a configuration option in Internet & Network settings called Local Network Chat. When not in X, mesg is set to y at the console. After starting KDE and opening Konsole, mesg is always set to n. I don't know how this setting toggles. Further, setting mesg to y in Konsole has no effect on getting wall to work. mesg is set to y when I run xterm in KDE. Then wall works within that terminal window. However, the KDE Write daemon does not see the message in xterm. When I send a message from another system to the Debian system using rwall, xterm receives the message but not Konsole or the KDE Write daemon.
An issue that has been hassling me for years, since I started using Linux (Debian!), is related to the boot messages that quickly scroll on the video during the boot process. The main hassle is that I cannot get a log of those messages. The second hassle is that with my brand new netbook (Toshiba NB200) I cannot even stop the scroll and go back along the message stream with SHIFT+PageUp/PageDown to understand what's going on. Of course I know that I can get a log of the boot process with 'dmesg', but I get the feeling that the very first lines show some problem I cannot grab at all.
I'm trying to stop all boot time messages from appearing -- basically I'd like to have a simple blank screen from grub to xdm.
I tried everything -- used the "quiet" option in grub's config, added dmesg -n 1 to rc.local, changed console=ttySx, set kernel.printk in sysctl.conf to 4 1 1 7, and even eradicated rsyslogd altogether... to no avail. I still see all sorts of messages on my screen.
I'm trying to use these cookie-cutter rules that I found. But every time I use them, after a few seconds my wifi connection goes dead. The exception was the first time I used them, which lasted me a couple of minutes.
By dead I mean I can no longer open a webpage or ping google.
# Create a user-defined chain and send all INPUT and OUTPUT traffic through it
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
# Log (rate-limited to 2 per minute) and then drop everything that reaches the chain
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
How do I configure my Firestarter firewall? I have a website which requires port 1935 to be open. I figured out how to open the port using Firestarter. Is there any way to make the port open only to this website, and not to every other website, for security reasons of course?
I have just switched over from Firestarter to gufw. I have set all incoming traffic to deny and all outgoing traffic to allow. I have rules set for incoming traffic, and have only opened 1 port on my system for torrents. My router also only has the same port opened, which again is for torrents. I use "Network Tools", which is included on Squeeze, and do a port scan of 192.168.1.100 and 127.0.0.1, and I get all kinds of crazy ports coming back as open. What is even stranger is if I do a few scans, these ports change, so one port on one scan may come up as open, then it will disappear and a different port may show as open.
Mind you, none but the torrent port is forwarded in my router. I have no idea what any of these other ports are, or why they are even showing up. What the heck is going on? I don't think this is normal? Am I at any higher risk of attack?
I'm using Red Hat Enterprise Linux Server release 5. In this, whenever a user process crashes due to a segmentation fault, it is not logged in /var/log/messages. Even dmesg is not showing any messages related to this.
Whereas in other distributions (CentOS 5) I've seen segfault messages in /var/log/messages whenever my user process crashed; dmesg also shows the segfaults.
Is there any setting that needs to be enabled so that it logs segfaults into /var/log/messages?
I cross-checked /etc/syslog.conf on both systems. Both are the same, and so are the /etc/sysconfig/syslog files.
The system crontab (/etc/crontab) uses the same format, except that the username for the command is specified after the time and date fields and before the command.
[code]...
Every hour, I get an e-mail complaining about the first line of the crontab:
[code]...
I get the same complaint from the other entries. It looks to me as if cron, or anacron, is trying to execute the user (root) as a command. Predictably, the shell doesn't like it, so it barfs and triggers an e-mail about it. Why is this not doing what the man page says it should do? The 2nd problem I believe is related to exim, not cron. The e-mails I'm getting above are being bounced from my ISP because they are directed to root@myisp.com, rather than my regular e-mail address. When the message bounces, it bounces to my regular e-mail address. In /etc/aliases, I have root: [URL]... and in /etc/email-addresses I have root: [URL]... Adding the entry to /etc/email-addresses allowed the bounce to find me, because the sender's address is [URL]..., but how can I get cron to send these messages to me in the first place, instead of root?
Installed 6.01a from DVD 1 on a system with 4GB RAM. The installer installed the amd64 version by default. When I try to install amd64 .deb files I get "wrong architecture" error messages from the package manager.
Code:
root@Laptop-RalphDeb:/home/ralphq# uname -r
2.6.32-5-amd64
root@Laptop-RalphDeb:/home/ralphq# uname -p
unknown
Why can I install amd64 programs, and why do I get unknown for the uname -p command?
I wonder, do we need a firewall for home PCs at all? I mean, fine, for servers and stuff, but I have my own laptop station. People have different positions on this issue.
I have an Asus RT-N12 router with DD-WRT v24-sp2 (12/19/10) mini (SVN revision 15943M NEWD-2 K2.6 Eko). I cannot get rsyslog on my Linux PC to log messages from the router. I did a netstat -arn and got:
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
I wanted to know which is the best firewall application for my Debian Squeeze amd64 home desktop. I prefer a simple interface, yet powerful enough. After Googling I found two options, gufw and Firestarter. I am not sure which one to choose between these two.
Generally, SSH-related log messages are logged in the /var/log/messages file. Is there a way to log them in a different file? I mean, is there some configuration setting to enable this?
I am facing a problem while trying to log SSH messages in a separate file, say, /var/log/ssh_logs. I have tried modifying the syslog-ng.conf file as follows: