 From:  DevAuto <devauto at gmail dot com>
 To:  "Daniel L. Hunter" <dhunter at techmethods dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RealVNC Logging
 Date:  Thu, 17 Feb 2005 11:28:23 -0500
Hi, I am not sure if you have an answer to this question yet or not,
but without seeing your ruleset, the first guess that I would make is
that you have a rule above (before) your allow rule that is already
allowing the traffic over port 5900 and logging it. If the port you
are using for VNC is in a range that is used for something else, and
the rule is listed first, then the VNC traffic will be logged. It is
also possible that the rule to log traffic over port 5900 is applied
to a different interface. Is sis0 (from your log snippet) the same
interface you applied the rule to? Those are the first 2 places I
would look. I am curious to find out what you ultimately determine the
problem to be ...

Hope this helps.

DevAuto


On Mon, 14 Feb 2005 01:07:00 -0500, Daniel L. Hunter
<dhunter at techmethods dot com> wrote:
> M0n0wall's logging has me a bit confused.  I'm using RealVNC to remotely
> administer a server that I have at a co-lo.  This server is behind a
> m0n0wall.  When I log into the server the logs are overwhelmed by
> reports of the RealVNC connection (port 5900):
> 
> 01:06:01.400226 sis0 @200:3 p 192.168.1.3,5900 -> 6*.24*.21*.1*3,1276 PR
> tcp len 20 429 -AP K-S IN
> 
> I have a rule allowing this traffic to pass and have made sure that "Log
> packets that are handled by this rule" is not checked.  This wouldn't be
> so bad but I'm not able to keep an eye on the important log entries.
> 
> Why is this traffic being logged?  It's doing me absolutely no good.
> Hell, I'm generating the traffic by logging into the server.  I don't
> need it logged.  Am I doing something wrong?
> 
> Thanks in advance for your help.


-- 
Failure is not an option ... it comes bundled with your Micro$oft solution!
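
An added example, not part of either message above: each log entry names the interface and the `@group:rule` that produced it, so tallying those fields for port 5900 shows which rule and interface to inspect. The field layout and the reading of the action letter are assumptions taken from the quoted log line and ipmon's usual output; the sample lines are constructed, using documentation addresses.

```python
import re
from collections import Counter

# Assumed layout, based on the entry quoted in the thread:
#   time iface @group:rule action src,port -> dst,port PR proto ...
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S)\s+(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[^,\s]+),(?P<dport>\d+)\s+PR\s+(?P<proto>\S+)"
)

# Constructed sample entries (not taken from a real firewall).
SAMPLE_LOG = """\
01:06:01.400226 sis0 @200:3 p 192.168.1.3,5900 -> 203.0.113.7,1276 PR tcp len 20 429 -AP K-S IN
01:06:01.512904 sis0 @200:3 p 192.168.1.3,5900 -> 203.0.113.7,1276 PR tcp len 20 1500 -A K-S IN
01:06:02.001133 sis1 @100:1 b 198.51.100.9,4431 -> 192.168.1.3,22 PR tcp len 20 48 -S IN
this line is not an ipmon entry
""".splitlines()


def parse_line(line):
    """Return the fields of one log entry as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def noisy_rules(lines, port):
    """Count entries touching `port`, keyed by (interface, group, rule, action).

    The action letter is assumed to follow ipmon's convention
    (p = passed, b = blocked).
    """
    tally = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and port in (rec["sport"], rec["dport"]):
            tally[(rec["iface"], rec["group"], rec["rule"], rec["action"])] += 1
    return tally.most_common()


if __name__ == "__main__":
    for (iface, group, rule, action), count in noisy_rules(SAMPLE_LOG, 5900):
        print(f"{count} entries: interface {iface}, rule @{group}:{rule}, action {action}")
```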