iptables
This will log any TCP
For example, to log all inbound access requests from anywhere on the Internet (0.0.0.0/0) to the PPTP service (port 1723) on the SnapGear appliance (IP address 1.2.3.4):
iptables
To find the resultant log entry in the logs, simply search for the prefix, in this instance "Internet PPTP access: ".
If for example site 192.0.1.2 attempted to access the SnapGear appliance’s PPTP port, the resultant log message would look something like this:
<12> Jan 24 17:19:17 2000 klogd: Internet PPTP access: IN=eth0 OUT= MAC=00:d0:cf:00:07:03:00:50:bf:20:66:4d:08:00 SRC= DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43470 DF PROTO=TCP SPT=4508 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
Note how OUT is set to nothing. This indicates that the packet was attempting to reach a service on the SnapGear appliance, rather than attempting to pass through it.
A very similar scenario occurs for logging access requests that are attempting to pass through the SnapGear appliance. It merely requires replacing the INPUT keyword with
FORWARD.
Thus, to log permitted inbound requests to services hosted on a server behind the SnapGear appliance, or outbound requests to services on a public network server, use:
iptables
For example, to log all inbound requests from the IP address 5.6.7.8 to the mail server (port 25) on the machine flubber on the LAN with address 192.168.1.1:
99
Appendix B – System Log