  1. #1
    Just Joined!
    Join Date
    Feb 2007
    Location
    Winnipeg, MB
    Posts
    14

    Logging Connection Attempts with iptables

    I'm having a lot of problems getting NIS set up with our firewall. I've looked online and no one seems to have any answers. When the firewall is off, NIS works. When it's on, it doesn't.

    I would like to know which ports NIS needs by logging connection attempts on the server, since I would swear the right ports seem open already. Right now I'm using this to generate the log entries:

    iptables -I INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
    iptables -I OUTPUT -m state --state NEW -j LOG --log-prefix "New Connection: "

    However, I think it must only work for successful connections, because I'm not seeing any new entries when I try running the NIS client on another machine (ypbind).

    Any help is greatly appreciated!

  2. #2
    Just Joined!
    Join Date
    Feb 2007
    Location
    Winnipeg, MB
    Posts
    14
    Anyone? I'd be happy with logging connection attempts with any other program as well, there must be a way...

  3. #3
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    Try logging syn packets instead.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  4. #4
    Just Joined!
    Join Date
    Feb 2007
    Location
    Winnipeg, MB
    Posts
    14
    I don't know how to do that in iptables.

    However, it looks like I can get the information I need with the tcpdump program.

  5. #5
    Banned
    Join Date
    Dec 2002
    Location
    Texas
    Posts
    242
    # log telnet attempts
    #-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 23 -j LOG --log-level 7

    I have used the above to successfully log telnet attempts.

  6. #6
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    Quote Originally Posted by myrdos View Post
    I don't know how to do that in iptables.

    However, it looks like I can get the information I need with the tcpdump program.
    That or wireshark would do. As to the iptables rule

    Code:
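    # -I INPUT places the rule ahead of any DROP; --tcp-flags takes a mask, then the flags that must be set
    iptables -I INPUT -p tcp --tcp-flags SYN,RST,ACK,FIN SYN -j LOG --log-prefix "New Connection: "
    If, after you have the port, it is still not working, post your rules so we can see if there is an issue there.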

    Quote Originally Posted by thehemi View Post
    # log telnet attempts
    #-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 23 -j LOG --log-level 7

    I have used the above to successfully log telnet attempts.
    And this will work when you know the port, but the OP was not sure if the port was the correct one that he had opened.
    He is looking for the port that his system is using to connect.

    Regards
    Robert

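An added example, not from any poster in the thread: the rules below log both TCP SYNs and new UDP flows (assumption: the NIS client may also use UDP, which a SYN-only rule cannot see), and `summarize_ports` reduces the resulting kernel log to per-port counts. The function names, the sample addresses and port 834 are constructed for illustration.

```shell
#!/bin/sh
LOG_PREFIX="New Connection: "   # same prefix the thread uses

# Insert the LOG rules at the top of INPUT so they are evaluated before
# any DROP/REJECT rule. Needs root; defined here but not called.
install_log_rules() {
    iptables -I INPUT 1 -p tcp --syn -j LOG --log-prefix "$LOG_PREFIX"
    # UDP has no SYN flag, so match the first packet of each flow instead.
    iptables -I INPUT 1 -p udp -m state --state NEW -j LOG --log-prefix "$LOG_PREFIX"
}

# Constructed kernel log lines in the iptables LOG format (trimmed to the
# fields used here). The last line carries a different prefix.
sample_log() {
    cat <<'EOF'
Feb 12 10:01:02 srv kernel: New Connection: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TTL=64 PROTO=UDP SPT=1012 DPT=111 LEN=64
Feb 12 10:01:03 srv kernel: New Connection: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TTL=64 PROTO=UDP SPT=1013 DPT=111 LEN=64
Feb 12 10:01:03 srv kernel: New Connection: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=111 WINDOW=5840 SYN URGP=0
Feb 12 10:01:04 srv kernel: New Connection: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=72 TTL=64 PROTO=UDP SPT=1014 DPT=834 LEN=52
Feb 12 10:01:05 srv kernel: New Connection: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Feb 12 10:01:06 srv kernel: Other rule: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40200 DPT=22 SYN
EOF
}

# Read log lines on stdin; print "PROTO/DPT SRC COUNT" for every logged
# attempt that carries our prefix and a destination port.
summarize_ports() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) {
            proto = ""; dpt = ""; src = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/)    proto = substr($i, 7)
                else if ($i ~ /^DPT=/) dpt   = substr($i, 5)
                else if ($i ~ /^SRC=/) src   = substr($i, 5)
            }
            # ICMP and similar entries have no DPT and are skipped.
            if (proto != "" && dpt != "") count[proto "/" dpt " " src]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

sample_log | summarize_ports
```

On a live system, pipe the kernel log (for example the output of `dmesg`) into `summarize_ports` in place of `sample_log`.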
