Logging from iptables?
Posted: Wed Feb 12, 2020 10:58 am
New user here, running a Linksys WRT3200ACM. I am not an expert in Linux, but have had success with past single-board-computer projects by simple trial-and-error. The limited feature set of OpenWrt is more challenging. I have two questions that are not addressed by anything that searching this forum provides. Thanks in advance for your ideas!
1. I would like to FTP from storage media in a USB port (configured and working). I see that the FTP server 'vsftpd' is installed; however, the setup instructions provided in the OpenWrt forum are not working. Overall, starting and stopping services via init.d is not working. What am I missing?
2. iptables are new to me but seem quite powerful in controlling router behavior. In particular, I would like to use the LOG feature in iptables to report the forwarding of packets from a range of IPs that use particular destination ports. Specifically, the kids' phones, and chat application ports 5222 and 5223. (homework-time means HOME work!) I have rules in the chain that I think should work, but see nothing in the syslog. Example rule: 'iptables -A forward_tcp_log_chain -p tcp -m iprange --src-range 192.168.1.100-192.168.1.249 --dport 5222:5223 -j LOG --log-prefix "***TCP:" --log-level 1'.
Has anybody used the LOG feature, and where, exactly, should logged information be placed? I wonder if the LOG feature might need some un-installed option...
Again, thanks for any/all ideas or suggestions!
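Added example, not part of the original post: a small shell function that counts LOG-target lines per source address and destination port, matched on the post's --log-prefix. The sample lines are constructed and abbreviated; on the router the input is assumed to come from the kernel log, read with `logread` or `dmesg`.

```shell
#!/bin/sh
# Summarise netfilter LOG-target lines that carry a given --log-prefix.

# Constructed, abbreviated sample lines in the kernel's LOG format (not real traffic).
sample_log() {
cat <<'EOF'
[ 101.100000] ***TCP:IN=br-lan OUT=eth1.2 SRC=192.168.1.120 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=5222 SYN
[ 102.200000] ***TCP:IN=br-lan OUT=eth1.2 SRC=192.168.1.120 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51520 DPT=5222 SYN
[ 103.300000] ***TCP:IN=br-lan OUT=eth1.2 SRC=192.168.1.131 DST=203.0.113.11 LEN=60 TTL=63 PROTO=TCP SPT=40022 DPT=5223 SYN
[ 104.400000] OTHER:IN=br-lan OUT=eth1.2 SRC=192.168.1.50 DST=203.0.113.12 LEN=60 TTL=63 PROTO=TCP SPT=40100 DPT=443 SYN
EOF
}

# summarize_log PREFIX
# Reads log lines on stdin and prints "SRC DPT COUNT" for every line that
# contains PREFIX, sorted by source address and then port.
summarize_log() {
    awk -v prefix="$1" '
        # Literal substring match, so the "*" characters in the prefix
        # are not interpreted as a regular expression.
        index($0, prefix) == 0 { next }
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Run against the constructed sample; on the router, pipe the kernel log in
# instead, e.g. logread | summarize_log '***TCP:'
sample_log | summarize_log '***TCP:'
```

An empty result on the router means no kernel log line carries the prefix, which separates "the rule never matched" from "the log is being read in the wrong place".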