[Dshield] 'iptables' config for WRT54G running Sveasoft Alchemy-pre5.4a

David Cary Hart DShield at TQMcube.com
Fri May 6 12:48:15 GMT 2005


On Thu, 2005-05-05 at 21:15 -0400, David Lawless wrote:
> I'm planning on setting up Dshield log submissions using 
> 'iptables' logging from my Linksys WRT54G running Sveasoft 
> Alchemy-pre5.4a (i.e. Linux).  I'm forwarding the 'syslogd' 
> messages to my CentOS 4 (RHEL 4) Linux system and the messages 
> are getting recorded nicely.
> 
> I downloaded 'iptables.tar.gz' from the "Linux 2.4x iptables" 
> link on the "Linux and UNIX 'Framework' Clients" page.  I see a 
> nifty Perl script for parsing the logged 'iptables' connection 
> entries and sending them to Dshield.org.
> 
> What I don't see are the 'iptables' commands for configuring 
> connection and probe logging in the kernel.  Seems like a rather 
> major omission.  At present the 'iptables' setup on the router 
> doesn't log anything but invalid state connection activity. What 
> I need are 'iptables' entries for logging the WAN side inbound 
> connection attempts.  Makes no sense to log anything from the 
> LAN side or any outbound connection requests.  I've attached the 
> current 'iptables' to this message.
> 
Are you sure that you are using the 2.4 kernel?
The best GUI to help you get started with IPT is included in webmin
(http://www.webmin.com).
Don't pass the logs from the router. Pass (NAT) the unaccepted traffic
to the box running IPT or let IPTables do NAT.
-- 
Multi-RBL Check:         http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds:  http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo:           http://www.TQMcube.com/rbldnsd.htm
-- 
Multi-RBL Check:         http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds:  http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo:           http://www.TQMcube.com/rbldnsd.htm



More information about the list mailing list