What's going on?
jetblackz
07-25-2002, 07:36 PM
I wasn't surfing the Web, but out of the blue the Linux RH 7.2 box connected out to this twice at least.
10.0.0.2 www.rhns.redhat.com 443
It's from my hardware firewall outgoing log.
I remember I registered for up2date. I uninstalled it.
Presently there's no firewall rule at all. I thought my box was rock solid since I manually removed all open ports except junkbuster proxy on 8000.
Is there a way to find out what is connecting where? Like a firewall logging program. How do I set it up? On a Windows box, I use Sygate, which has real-time logging capability of traffic, apps, and the entire content of each packet.
danrees
07-26-2002, 04:07 AM
If you set up a firewall using iptables, it will log to /var/log/messages automatically.
SuperHornet
07-26-2002, 09:09 AM
"If you set up a firewall using iptables, it will log to /var/log/messages automatically."
It will?
I thought you had to set up a logging chain.
echo "setting up ACKLOG"
/sbin/iptables -N acklog
/sbin/iptables -A acklog -j LOG --log-prefix Accepted:
/sbin/iptables -A acklog -j ACCEPT
Then you could do:
/sbin/iptables -I INPUT -i eth0 -p tcp --sport 22 -j acklog
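Added example (not part of the original posts): a shell function that reads lines written by a LOG rule like the one above, strips the Accepted: prefix, and counts flows by protocol, source, destination and port. The log lines are constructed, 192.0.2.10 is a placeholder address, and the OUT=eth0 lines assume the acklog chain is also referenced from the OUTPUT chain.

```shell
#!/bin/sh
# Added example: count flows recorded by the acklog LOG rule.

summarize_fw_log() {
    # $1 = the --log-prefix string; log lines arrive on stdin.
    # Prints "<count> <proto> <src> -> <dst>:<dport>", busiest flow first.
    awk -v prefix="$1" '
    {
        pos = index($0, prefix)
        if (pos == 0) next                # not written by our LOG rule
        # The prefix is emitted verbatim, so "Accepted:" runs straight
        # into "IN=". Cut it off before splitting KEY=VALUE tokens.
        rest = substr($0, pos + length(prefix))
        src = dst = proto = dpt = ""
        n = split(rest, tok, " ")
        for (i = 1; i <= n; i++) {
            eq = index(tok[i], "=")
            if (eq == 0) continue         # bare flags such as DF, SYN, ACK
            key = substr(tok[i], 1, eq - 1)
            val = substr(tok[i], eq + 1)
            if (key == "SRC") src = val
            else if (key == "DST") dst = val
            else if (key == "PROTO") proto = val
            else if (key == "DPT") dpt = val
        }
        if (src == "" || dst == "") next  # truncated or foreign line
        if (dpt == "") dpt = "-"          # ICMP carries no port
        count[proto " " src " -> " dst ":" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample of /var/log/messages (not taken from the thread).
sample_log() {
    cat <<'EOF'
Jul 27 02:40:11 localhost kernel: Accepted:IN= OUT=eth0 SRC=10.0.0.2 DST=192.0.2.10 LEN=60 TTL=64 DF PROTO=TCP SPT=1031 DPT=443 SYN URGP=0
Jul 27 02:40:13 localhost kernel: Accepted:IN= OUT=eth0 SRC=10.0.0.2 DST=192.0.2.10 LEN=60 TTL=64 DF PROTO=TCP SPT=1032 DPT=443 SYN URGP=0
Jul 27 02:41:02 localhost kernel: Accepted:IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.2 LEN=60 TTL=64 DF PROTO=TCP SPT=22 DPT=1040 ACK SYN URGP=0
Jul 27 02:41:30 localhost kernel: Accepted:IN=eth0 OUT= SRC=10.0.0.1 DST=10.0.0.2 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jul 27 02:42:00 localhost sshd[812]: Accepted password for root from 10.0.0.5 port 1040 ssh2
EOF
}

sample_log | summarize_fw_log "Accepted:"
```

On a live box the input would be /var/log/messages instead of sample_log; the sshd line in the sample is skipped because it lacks the colon that ends the LOG prefix.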
jetblackz
07-27-2002, 02:41 AM
Thanks for the replies.
When I tried to set up iptables, there were errors.
--
[root@localhost /]# /sbin/iptables -N acklog
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@localhost /]# /sbin/iptables -A acklog -j LOG --log-prefix Accepted:
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@localhost /]# rpm -q iptables
iptables-1.2.4-2.asp
[root@localhost /]# /sbin/iptables -A acklog -j ACCEPT
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.9-34/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
SuperHornet
07-27-2002, 12:32 PM
Place this at the top of your script.
clear
echo "Starting Firewall INIT."
echo ""
echo " - Verifying that all kernel modules are ok"
# Rebuild the module dependency list
/sbin/depmod -a
# Loading various iptables modules
echo "Loading Various IPTABLES Modules"
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_conntrack_irc
/sbin/insmod iptable_nat
/sbin/insmod ip_nat_ftp
clear
echo "Done loading modules."
You must load the modules before you can really do anything advanced with iptables.
I would suggest reading up on iptables (http://www.cs.princeton.edu/~jns/security/iptables/).
This isn't something you can just jump into.