On 27 Mar 2005, Sujit wrote:

> However we have already made that change. Also the iptables commands used are:
>
> At the server side:
>
> iptables -A INPUT -s <client ip> -d <server ip> -j ACCEPT
> iptables -t filter -A INPUT -j LOG

---

Hi Sujit,

Since the log message packets are appearing in iptables logs on the server, I assume the client iptables is letting the packets pass.

If the iptables rules on the server are in the above order, the first rule is not 'ACCEPT'-ing the packets. If it were, the packets would not make it down to the second rule, and so they would not be logged. I think there is a problem with the first iptables rule on the server.

You could do a number of things to troubleshoot the problem. If it is not risky to do so, you could drop the firewall for a short time:

$ service iptables stop

and cause some logging to occur and see if it shows up on the server. Make sure you restart iptables when you confirm that it does or does not work:

$ service iptables start

Maybe there are some other iptables rules you could try instead. This one accepts syslog messages from anywhere:

$ iptables -t filter -A INPUT -p udp -m udp --dport 514 -j ACCEPT

whereas this one makes it accept only those from the client host:

$ iptables -t filter -A INPUT -p udp -m udp -s <clientIP> --dport 514 -j ACCEPT

If you want something close to your original rule, perhaps eliminating the '-d' command switch and its argument might fix things for you:

$ iptables -A INPUT -s <clientIP> -j ACCEPT

If none of these options are ok with you, check out the presentation of the IP addresses in the iptables log messages on the server and make sure they are exactly the same as those present in the iptables rule.

Hope this helps, and good luck.

Troy
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
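Troy's last suggestion, comparing the addresses in the server's iptables LOG lines against the ACCEPT rule, can be done mechanically. The script below is an added example, not code from Troy or from the thread: it pulls the SRC, DST, PROTO and DPT fields out of a kernel LOG line and reports the first field that would stop the rule "iptables -A INPUT -p udp -s <clientIP> -d <serverIP> --dport 514 -j ACCEPT" from matching. The addresses 192.0.2.10 / 192.0.2.1 / 192.0.2.2 and the three log lines are constructed for illustration and are not from the original message.

```shell
#!/bin/sh
# Added example (not from the original thread). Given an iptables LOG line,
# extract the fields that a syslog ACCEPT rule keys on and say which one
# fails to match, instead of guessing why the packet fell through to LOG.
# All addresses and log lines below are constructed for illustration.

# log_field LINE KEY: print the value of "KEY=value" in an iptables LOG line
# (fields are space separated, e.g. "SRC=192.0.2.10").
log_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# check_syslog_packet CLIENT_IP SERVER_IP LINE
# Returns 0 when the logged packet is exactly what
#   iptables -A INPUT -p udp -s CLIENT_IP -d SERVER_IP --dport 514 -j ACCEPT
# would match; otherwise prints the first mismatching field and returns 1.
check_syslog_packet() {
    client=$1
    server=$2
    line=$3
    src=$(log_field "$line" SRC)
    dst=$(log_field "$line" DST)
    proto=$(log_field "$line" PROTO)
    dpt=$(log_field "$line" DPT)
    [ "$src" = "$client" ] || { echo "SRC=$src does not match client $client"; return 1; }
    [ "$dst" = "$server" ] || { echo "DST=$dst does not match server $server (try dropping -d)"; return 1; }
    [ "$proto" = "UDP" ]   || { echo "PROTO=$proto is not UDP"; return 1; }
    [ "$dpt" = "514" ]     || { echo "DPT=$dpt is not syslog port 514"; return 1; }
    echo "packet matches the ACCEPT rule"
    return 0
}

# Constructed sample LOG lines in the kernel's iptables format.
# 1. The expected case: UDP syslog from the client to the server address.
GOOD_LINE='Mar 27 10:15:02 server kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=UDP SPT=514 DPT=514 LEN=100'
# 2. Same client, but the packet arrived on another address of the server, so
#    a rule carrying "-d 192.0.2.1" never matches and the packet reaches LOG.
OTHER_DST_LINE='Mar 27 10:15:03 server kernel: IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.2 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=UDP SPT=514 DPT=514 LEN=100'
# 3. Syslog over TCP: a "-p udp" rule will not accept it.
TCP_LINE='Mar 27 10:15:04 server kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4244 DF PROTO=TCP SPT=40000 DPT=514 WINDOW=5840 RES=0x00 SYN URGP=0'

main() {
    for l in "$GOOD_LINE" "$OTHER_DST_LINE" "$TCP_LINE"; do
        check_syslog_packet 192.0.2.10 192.0.2.1 "$l" || true
    done
}
main
```

Run it against real lines with something like `grep 'DPT=514' /var/log/messages | while read -r l; do check_syslog_packet <clientIP> <serverIP> "$l"; done`; a DST mismatch is the symptom that dropping the `-d` switch, as suggested above, would cure.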
This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 12:01:58 PST