 From:  dave <dave at rodrig dot com>
 To:  Kim Hartlev <kam at stofanet dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Remote syslogging to DMZ
 Date:  Fri, 09 Jan 2004 12:23:28 -0500
Kim Hartlev wrote:
> Hi,
> 
> I'm having trouble getting m0n0wall to log to a server in DMZ. All UDP
> packets on port 514 are blocked by MW. I have the following setup:
> 
> LAN IP: 192.168.250.1
> DMZ IP: 192.168.252.1
> Syslogd server IP: 192.168.252.2
> 
> I see the following in the firewall log:
>   11:00:40.258164 sis2 @0:8 B 192.168.250.1,514 -> 192.168.252.2,514 PR udp
> len 20 149 OUT

weird, if trying to pass packets into the DMZ, it shouldn't be sourcing 
them from that interface....


> From the status page I found the following auto generated pass rule under
> the ipfstat -nio section:
>   @2 pass out quick proto udp from 192.168.252.1/32 to 192.168.252.0/24 port
> = 514 keep state group 450

the rule is correct, the packets for your logserver should originate 
from the dmz interface of the FW.

> I was wondering if the source IP should have been the LAN IP instead of the
> DMZ IP since the source IP of the blocked packets are the LAN IP.
> If this is the case, is there any way to add a new "pass out" rule from the
> webgui?
> 

nope, a "pass out" rule won't help for the reasons above. sorry i have 
no real info, i wanted to shed a little light on what you're seeing so 
far, looks like some more packet traces are in order.....

good luck
dave


> Best regards,
> Kim Hartlev
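An added diagnostic, not part of this thread, that parses the ipmon log line Kim posted and checks it against the selectors of the auto-generated pass rule, reporting which selector the blocked packet fails. The second sample line (a packet sourced from the DMZ interface address) is constructed for contrast.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the blocked packet from the thread, plus a hypothetical
# second line with the source address the pass rule actually expects.
SAMPLE_LOG = """\
11:00:40.258164 sis2 @0:8 B 192.168.250.1,514 -> 192.168.252.2,514 PR udp len 20 149 OUT
11:00:41.001000 sis2 @2 P 192.168.252.1,514 -> 192.168.252.2,514 PR udp len 20 149 OUT
"""

# The pass rule from the status page, reduced to the fields that decide a match.
PASS_RULE = {"proto": "udp", "src": ip_network("192.168.252.1/32"),
             "dst": ip_network("192.168.252.0/24"), "dport": 514, "dir": "OUT"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+) @(?P<rule>\S+) (?P<action>[BP]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<plen>\d+) (?P<dir>IN|OUT)$")

def parse_ipmon_line(line):
    """Parse one ipmon log line into a dict; return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["src"], d["dst"] = ip_address(d["src"]), ip_address(d["dst"])
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    return d

def rule_matches(rule, pkt):
    """True when the packet satisfies every selector of the pass rule."""
    return (pkt["proto"] == rule["proto"] and pkt["dir"] == rule["dir"]
            and pkt["src"] in rule["src"] and pkt["dst"] in rule["dst"]
            and pkt["dport"] == rule["dport"])

def explain_block(line, rule=PASS_RULE):
    """Report whether the rule covers the packet and, if not, which selector fails."""
    pkt = parse_ipmon_line(line)
    if pkt is None:
        return "unparsed"
    if rule_matches(rule, pkt):
        return "matches pass rule"
    if pkt["src"] not in rule["src"]:
        return f"source {pkt['src']} outside {rule['src']} (not sourced from DMZ interface)"
    return "other selector mismatch"

def audit(log=SAMPLE_LOG):
    """Run the check over every line of a log and pair each timestamp with its verdict."""
    return [(l.split()[0], explain_block(l)) for l in log.splitlines() if l.strip()]
```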