how does one interpret /var/log/messages

alex aoclarit@kiwi.dhs.org
Thu, 18 Oct 2001 21:30:21 -0700


Instead of that, you should log all your rules with log-prefixes so
/var/log/messages is way easier to read, like

...-j LOG --log-prefix "DNAT bla bla"

It always helps me troubleshoot.

Alex

jason@matchingmoms.com wrote:

> I'm having trouble with DNAT/SNAT (trying to set up a web server behind a
> firewall).  It's not working.  Can anyone interpret these logs for me?
>
> Oct 19 03:08:24 julia kernel: net log entry IN=eth0 OUT=
> MAC=00:04:5a:55:87:e7:00:a0:cc:7c:11:05:08:00 SRC=192.168.0.101
> DST=192.168.0.4 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=31504 DF PROTO=TCP
> SPT=1194 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
>
> Oct 19 03:08:24 julia kernel: net log entry IN= OUT=eth0 SRC=192.168.0.4
> DST=192.168.0.101 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=80
> DPT=1194 WINDOW=0 RES=0x00 ACK RST URGP=0
>
> Oct 19 03:08:25 julia kernel: net log entry IN=eth1 OUT=eth0
> SRC=192.168.0.101 DST=192.168.0.200 LEN=48 TOS=0x00 PREC=0x00 TTL=127
> ID=31760 DF PROTO=TCP SPT=1194 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
>
> Oct 19 03:08:31 julia kernel: net log entry IN=eth1 OUT=eth0
> SRC=192.168.0.101 DST=192.168.0.200 LEN=48 TOS=0x00 PREC=0x00 TTL=127
> ID=36624 DF PROTO=TCP SPT=1194 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
>
> Thanks!
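
For readers working through entries like the ones quoted above, here is an added example (not part of either message) that splits each netfilter LOG line into its `--log-prefix` text, `KEY=value` fields and flag words, then lists SYNs that have no logged packet coming back. The function names are hypothetical, and `path()` is a heuristic based only on which of `IN=`/`OUT=` is filled in, which is why a distinct prefix per rule is the more reliable label.

```python
import re
from collections import Counter
# The four log entries quoted in the message, unwrapped to one line each.
SAMPLE = """\
Oct 19 03:08:24 julia kernel: net log entry IN=eth0 OUT= MAC=00:04:5a:55:87:e7:00:a0:cc:7c:11:05:08:00 SRC=192.168.0.101 DST=192.168.0.4 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=31504 DF PROTO=TCP SPT=1194 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 19 03:08:24 julia kernel: net log entry IN= OUT=eth0 SRC=192.168.0.4 DST=192.168.0.101 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=80 DPT=1194 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct 19 03:08:25 julia kernel: net log entry IN=eth1 OUT=eth0 SRC=192.168.0.101 DST=192.168.0.200 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31760 DF PROTO=TCP SPT=1194 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 19 03:08:31 julia kernel: net log entry IN=eth1 OUT=eth0 SRC=192.168.0.101 DST=192.168.0.200 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=36624 DF PROTO=TCP SPT=1194 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# Whatever sits between "kernel: " and "IN=" is the --log-prefix text.
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)\s*(?P<body>IN=.*)$")
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

def parse(line):
    """Split one LOG line into its prefix, KEY=value fields and bare flag words."""
    m = LINE_RE.search(line)
    if m is None:
        return None                      # not a netfilter LOG entry
    rec = {"prefix": m.group("prefix"), "flags": set()}
    for tok in m.group("body").split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val               # "IN=" with nothing after it stays ""
        else:
            rec["flags"].add(tok)        # DF, SYN, ACK, RST ...
    return rec

def path(rec):
    """Heuristic (an assumption): guess the packet's path from IN=/OUT=."""
    has_in, has_out = bool(rec.get("IN")), bool(rec.get("OUT"))
    if has_in and has_out:
        return "forwarded"               # routed through the box
    if has_in:
        return "inbound"                 # PREROUTING or INPUT
    return "local-out" if has_out else "unknown"   # OUTPUT or POSTROUTING

def unanswered_syns(recs):
    """Count initial SYNs per (DST, DPT) with no logged packet in reverse."""
    seen = {(r["SRC"], r["SPT"], r["DST"], r["DPT"]) for r in recs}
    syns = [r for r in recs if (r["flags"] & TCP_FLAGS) == {"SYN"}]
    return Counter((r["DST"], r["DPT"]) for r in syns
                   if (r["DST"], r["DPT"], r["SRC"], r["SPT"]) not in seen)

def load(text=SAMPLE):
    return [r for r in map(parse, text.splitlines()) if r]

if __name__ == "__main__":
    print(dict(unanswered_syns(load())))
```

"No logged reply" only means no rule with a LOG target matched a returning packet, so the result depends on which chains are being logged.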