 From:  dave <dave at rodrig dot com>
 To:  Kim Hartlev <kam at stofanet dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Remote syslogging to DMZ
 Date:  Fri, 09 Jan 2004 12:23:28 -0500
Kim Hartlev wrote:
> Hi,
> I'm having trouble getting m0n0wall to log to a server in DMZ. All UDP
> packets on port 514 are blocked by MW. I have the following setup:
> Syslogd server IP:
> I see the following in the firewall log:
>   11:00:40.258164 sis2 @0:8 B,514 ->,514 PR udp len 20 149 OUT

weird, if trying to pass packets into the DMZ, it shouldn't be sourcing 
them from that interface....

> From the status page I found the following auto generated pass rule under
> the ipfstat -nio section:
>   @2 pass out quick proto udp from to port = 514 keep state group 450

the rule is correct, the packets for your logserver should originate 
from the dmz interface of the FW.

> I was wondering if the source IP should have been the LAN IP instead of the
> DMZ IP since the source IP of the blocked packets are the LAN IP.
> If this is the case, is there any way to add a new "pass out" rule from the
> webgui?

nope, a "pass out" rule won't help for the reasons above. sorry i have 
no real info, i wanted to shed a little light on what you're seeing so 
far, looks like some more packet traces are in order.....

good luck

> Best regards,
> Kim Hartlev