From f6b15c76ba2b6716924d07f989143643f9bcce5b Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 30 Jan 2006 18:10:03 +0000 Subject: [PATCH] Add FAQ entry for DNAT/REDIRECT logging git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3408 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/FAQ.xml | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/Shorewall-docs2/FAQ.xml b/Shorewall-docs2/FAQ.xml index 8611391dc..ee02370fc 100644 --- a/Shorewall-docs2/FAQ.xml +++ b/Shorewall-docs2/FAQ.xml @@ -17,7 +17,7 @@ - 2005-01-16 + 2006-01-30 2001-2006 @@ -1214,6 +1214,27 @@ LOGBURST="" your firewall to log and drop the packet out of the rfc1918 chain because the source IP is reserved by RFC 1918. + +
+ (FAQ 52) When I blacklist an IP address with "shorewall drop + www.xxx.yyy.zzz", why does my log still show REDIRECT and DNAT entries + from that address? + + I blacklisted the address 130.252.100.59 using shorewall + drop 130.252.100.59 but I am still seeing these log + messages: + + Jan 30 15:38:34 server Shorewall:net_dnat:REDIRECT:IN=eth1 OUT= MAC=00:4f:4e:14:97:8e:00:01:5c:23:24:cc:08:00 + SRC=130.252.100.59 DST=206.124.146.176 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=42444 DF + PROTO=TCP SPT=2215 DPT=139 WINDOW=53760 RES=0x00 SYN URGP=0 + + Answer: Please refer to the + Shorewall Netfilter + Documentation. Logging of REDIRECT and DNAT rules occurs in the + nat table's PREROUTING chain where the original destination IP address + is still available. Blacklisting occurs out of the filter table's INPUT + and FORWARD chains which aren't traversed until later. +
@@ -1937,13 +1958,5 @@ Shorewall has detected the following iptables/netfilter capabilities: Raw Table: Available gateway:~#
- -
- (FAQ 52) How do I Configure Shorewall to work with - Snort-Inline? - - Answer: Please see http://www.catherders.com/tikiwiki-1.9.1/tiki-read_article.php?articleId=47 -
\ No newline at end of file
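Review bot: the new FAQ 52 answer (hunk at @@ -1214,6) explains why the REDIRECT/DNAT log entries appear but never states outright that the blacklisted packet is still dropped, so a reader who sees `Shorewall:net_dnat:REDIRECT` for a blacklisted source may conclude the blacklist is not working. Suggest adding one sentence after "which aren't traversed until later", e.g. "The packet is still dropped once it reaches those chains; the nat-table log entry is simply written before the blacklist is consulted." Separately, the sample log line quotes real public addresses (SRC=130.252.100.59, DST=206.124.146.176); an address reserved for documentation would avoid pointing readers at a live host.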
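Review bot: the hunk at @@ -1937,13 deletes the existing FAQ 52 (Snort-Inline) while the new DNAT/REDIRECT entry reuses the same number, but the commit message only says "Add FAQ entry"; the removal is undocumented, and any link or bookmark to FAQ 52 for Snort-Inline now lands on unrelated content. Suggest either keeping the Snort-Inline entry and assigning the new entry the next free number, or stating the removal and its reason in the commit message.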