[syslog-ng]bind_inet_socket() error

Dave Johnson syslog-ng@lists.balabit.hu
Thu, 28 Oct 2004 11:26:49 -0500


www.netfilter.org

---
Essentially, for a basic iptables overview:
* select filtered directions
  - inbound, outbound
* create filter name
* allow traffic on filter name
* deny rest on filter name

You can do most filtering with one filtername.

This starts to get OT for this mailing list, but to get you jumpstarted--
To allow ssh, tcp 514 (syslog), anything from localhost, and locally
generated traffic going out:

-------- sample netfilter config -------
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:344]
:FW-1-INPUT - [0:0]
# Send all inbound and forwarded packets through the FW-1-INPUT chain
-A INPUT -j FW-1-INPUT
-A FORWARD -j FW-1-INPUT
# Loopback, ICMP, and replies to already-established connections
-A FW-1-INPUT -i lo -j ACCEPT
-A FW-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A FW-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# New connections to ssh (22) and syslog over TCP (514)
-A FW-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A FW-1-INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
# Reject traffic to ports 137 and 138
-A FW-1-INPUT -p tcp -m tcp --dport 137 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A FW-1-INPUT -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
-A FW-1-INPUT -p tcp -m tcp --dport 138 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A FW-1-INPUT -p udp -m udp --dport 138 -j REJECT --reject-with icmp-port-unreachable
# Reject any other new TCP connection, then everything else
-A FW-1-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A FW-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
---end of config example---------

* Change the 514 line to add "-s" with the source ip host or network
you want to allow.

On Wed, 27 Oct 2004 17:42:14 -0500, Walt Rich <walt.rich@parago.com> wrote:
> I found the answer by filtering by hosts.
> 
> 
> 
> Thanks!
> 
> -----Original Message-----
> From: syslog-ng-admin@lists.balabit.hu
> [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Walt Rich
> Sent: Wednesday, October 27, 2004 9:22 AM
> To: syslog-ng@lists.balabit.hu
> Subject: RE: [syslog-ng]bind_inet_socket() error
> 
> Is there a link that you could forward that would explain how to do
> this?  I'm a newbie to Linux and Syslog-ng.
> 
> Thanks for everyone's assistance with this.
> 
> -----Original Message-----
> From: syslog-ng-admin@lists.balabit.hu
> [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Nate Campi
> Sent: Tuesday, October 26, 2004 8:00 PM
> To: syslog-ng@lists.balabit.hu
> Subject: Re: [syslog-ng]bind_inet_socket() error
> 
> Right, packet filter and/or compile with TCP wrappers for access
> control, syslog-ng itself won't do that for you.
> 
> On Tue, Oct 26, 2004 at 02:11:18PM -0500, Dave Johnson wrote:
> > * Set your max connections to the number of connections that you anticipate.
> > * Otherwise-- Firewall.
> >
> > On Mon, 25 Oct 2004 10:29:08 -0500, Walt Rich <walt.rich@parago.com> wrote:
> > > OK, I see what you mean.
> > >
> > > What is the syntax for setting up a source that is an IP address
> > > that is not local?  I'm trying to set up a centralized logging
> > > server and would like for it to receive logging from other servers,
> > > > but I would like to be able to specify the IP addresses that it will
> > > > accept input from.
> > >
> > > Thanks!
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: syslog-ng-admin@lists.balabit.hu
> > > [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs
> > > Scheidler
> > > Sent: Sunday, October 24, 2004 3:53 AM
> > > To: syslog-ng@lists.balabit.hu
> > > Subject: RE: [syslog-ng]bind_inet_socket() error
> > >
> > > On Sun, 2004-10-24 at 00:36, Walt Rich wrote:
> > > > Response to a) shows:
> > > > # ifconfig -a | grep 172
> > > > >         inet 172.16.100.202 netmask ffffff00 broadcast 172.16.100.255
> > >
> > > but you are trying to bind to  172.16.65.61, which is not local.
> > > (your local IP is .202)
> > >
> > > (for TCP sources you are specifying the bind IP and not the IP
> > > address you want to receive messages from)
> > >
> > > --
> > > Bazsi
> > >
> > > _______________________________________________
> > > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > Frequently asked questions at
> > > http://www.campin.net/syslog-ng/faq.html
> > >
> >
> 
> --
> Nate
> 
> "Usenet is distributed network anarchy at its best--or worst, depending
> on what is posted on any particular day." - Fiedler, David in 'Byte'
> 
>
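
Added example (not part of the original post, and not syslog-ng or netfilter code): the "-s" change suggested above, applied to iptables-save text in Python. It finds ACCEPT rules for a port that match any source and rewrites each into one rule per allowed sender. The function names, the cut-down sample ruleset and the network 192.0.2.0/24 are assumptions; 172.16.65.61 is the non-local address from the thread, assumed here to be a log sender. Only single-port --dport matches are handled.

```python
import ipaddress
import re
import shlex

# Constructed sample in iptables-save format, cut down from the config in this thread.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FW-1-INPUT - [0:0]
-A INPUT -j FW-1-INPUT
-A FW-1-INPUT -i lo -j ACCEPT
-A FW-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FW-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A FW-1-INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A FW-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def _option(tokens, *names):
    """Value that follows the first occurrence of any of `names`, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None


def restrict_port(ruleset, port, allowed_sources):
    """Rewrite each ACCEPT rule for `port` that has no source match into one
    rule per allowed source. Returns (new_ruleset, rules_that_were_open)."""
    # Validate up front: a host address with a wrong prefix raises ValueError
    # here instead of producing a rule that matches more than intended.
    sources = [str(ipaddress.ip_network(s, strict=True)) for s in allowed_sources]
    out, open_rules = [], []
    for line in ruleset.splitlines():
        m = re.match(r"(-A\s+\S+)\s+(.*)", line)
        tokens = shlex.split(line) if m else []
        if not (m
                and _option(tokens, "--dport", "--destination-port") == str(port)
                and _option(tokens, "-j", "--jump") == "ACCEPT"
                and _option(tokens, "-s", "--source", "--src") is None):
            out.append(line)  # table headers, policies, other rules: unchanged
            continue
        open_rules.append(line)
        # Keep the rest of the rule verbatim; only add the source match.
        out.extend(f"{m.group(1)} -s {src} {m.group(2)}" for src in sources)
    return "\n".join(out) + "\n", open_rules
```

Running the result through the function a second time reports no open rules, which makes it usable as a check on a saved ruleset before loading it.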