Alexandre Nizoux's questions

Title says it all.

How can I, with iptables under Linux, log all IP connecting to a server? As a little detail, I'd like to have only ONE entry in the log PER DAY PER IP.

Thanks :)

EDIT:

I narrowed it down to 5 packets logged for every new session which is weird since I use --hashlimit 1 --haslimit-burst 1, I suspect that --m limit which defaults to 5 plays a role in there. Trouble is, if I set --m limit to 1, only 1 entry is logged for ALL IP instead one per EACH IP.

The reason I want to do this is also to avoid as much as possible logs growing too fast since this will be a rather unmanaged box.

EDIT2: Here is my current try, in a iptables-restore format: (on several lines for ease of reading)

-A FORWARD -d 10.x.x.x -p tcp --dport 443 -m state --state NEW 
-m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 
--hashlimit-mode srcip --hashlimit-name denied-client 
-j LOG --log-prefix "iptables (denied client): "

I have 2 hypervisors running. One is an ESXi 4, the other one a Hyper-V 2008 R2.

My question is: What is the cleanest and easiest way to clone a machine under each hypervisor without using any centralized management tool.

Thanks.

I am trying to set up a Linux bridge with 2 ethernet interfaces and cannot get it to work correctly. I am using Gentoo Linux and thought it would be quite easy but I end up having trouble getting packets go through the bridge. All of that is virtualized under Hyper-V is that matters for anything (but I doubt it).

Here goes my configuration.

 ------              ------------------           --------         -----------
| NUX3 |------------|eth1  BRIDGE  eth0|---------| ROUTER |-------/ INTERNET /
 ------              ------------------           --------        -----------
192.168.1.195/24    192.168.1.197/24 (br0)     192.168.1.101/24
00:15:5d:00:01:12   00:15:5d:00:01:08 (eth0)   00:15:5d:00:01:03
                    00:15:5d:00:01:13 (eth1)       

# cat /etc/conf.d/net

bridge_br0=( "eth0 eth1" )
config_eth0=( "null" )
config_eth1=( "null" )
config_br0=( "192.168.1.197 netmask 255.255.255.0 brd 192.168.1.255" )
routes_br0=( "default via 192.168.1.101" )

# brctl show

bridge name      bridge id              STP enabled      interfaces
br0              8000.00155d000108      no               eth0
                                                         eth1

# brctl showstp br0

<...>
eth0 (1)               state               forwarding
eth1 (2)               state               forwarding
<...>

# cat /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0

# ifconfig

<...>
br0    UP BROADCAST RUNNING MULTICAST
       inet addr:192.168.1.197  Bcast:192.168.1.255  Mask:255.255.255.0
<...>
eth0    UP BROADCAST RUNNING PROMISC MULTICAST
<...>
eth1    UP BROADCAST RUNNING PROMISC MULTICAST
<...>

# brctl showmacs br0

port no mac addr                    is local?        ageing timer
  1     00:15:5d:00:01:03           no                   1.51
  1     00:15:5d:00:01:08           yes                  0.00
  2     00:15:5d:00:01:12           no                  36.22
  2     00:15:5d:00:01:13           yes                  0.00

BRIDGE can ping the ROUTER but not NUX3, NUX3 cannot ping neither BRIDGE nor ROUTER. All seems good to me but I am obviously missing something. I'd be really glad if someone can point me to it!

Thanks.