Troubleshooting source spoofing
I was able to compile syslog-ng with source-spoofing enabled on FreeBSD 5.3 with no problems but, The traffic is forwarded with my interface IP instead of the original source. I'm using: syslog-ng 1.6.7 libol 0.3.15 libnet 1.1.2.1 I have done some searching on the web but, I've been unsuccessful in finding information on how to troubleshoot source spoofing if it isn't working. Any information regarding this would be much appriciated. Thanks JF
On Mon, 2005-04-25 at 12:49 -0600, James Franzen wrote:
I was able to compile syslog-ng with source-spoofing enabled on FreeBSD 5.3 with no problems but, The traffic is forwarded with my interface IP instead of the original source.
I'm using: syslog-ng 1.6.7 libol 0.3.15 libnet 1.1.2.1
I have done some searching on the web but, I've been unsuccessful in finding information on how to troubleshoot source spoofing if it isn't working.
Any information regarding this would be much appriciated.
try ktrace-ing the process, syslog-ng uses libnet to generate packets and assuming libnet works on your platform it should work for syslog-ng as well. I suspect there is some compilation/initialization problem and syslog-ng falls back to using sendto() instead of using libnet to generate packets. -- Bazsi
participants (2)
-
Balazs Scheidler
-
James Franzen