Suppose in i have the firewall active or any other security like SE linux etc.
Now suppose user wants to connect to port 21
and Iptables does not allow it.
Now when users gets denied is that message logged any where so that i can see what the partucular used is blocked or why particular port is blocked.
Rather than digging every setting to find out why i am not getting through it.
I have chnaged the default ssh port to 8022
but i am getting conenction refused.
I have checked telnet and its listening on that port. I have empty iptables.
Is there any log where i can check who is refusing connection
Best Answer
First answer
No. There is no log by default, showing this, but
Showing current firewall configuration
Look how your firewall is configured:
Look for
Chain [INPUT|OUTPUT] policy
first. If there is anything else thanACCEPT
, used port may have to be explitelyACCEPT
ed lather...To show explicites rules about port 20 and port 21, but care, you may have to read entire firewall configuration, to check about
multiport
,user-defined chains
, etc.. this may become hard if you don't knowiptables
at all.An empty opened firewall config could look like:
see:
Knowing what could block something in your rules
I use this trick:
Than a first call to
getChanges
will dump all tables and counters. subsequents calls to same function will print only rules where counter are modified. This could help to find which rule are blocking something.Showing current network stacks state:
The kernel network stack could be dumped by
for TCP sockets or
for UDP sockets.
As my FTP server use TCP sockets, I could see that one exchange is currently established between my server and host ...35, ( the server has currently 2364 packet to send to client. maybe a file, maybe a list... )
Tracking for traffic on specific interface
Instead of using
log
, you could watch what's happen on your interface:This will dump usefull information about traffic on
ethX
, but as by default and to be more humain readable, this tool will try to resolve each IP's name. So there may be some delay between the event himself and the dump on terminal. So:won't try to resolve (opt
-n
) IPs and services names and will show ALL (-a
) packets traversing the interface.more finely:
More detailled:
... use -v or -vv for full protocol decode
Where you could follow each operation.