[ previous ] [ next ] [ threads ]
 From:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Captive portal remote syslogging problem
 Date:  Thu, 20 Jul 2006 18:35:58 +0000
Hi, I was just wondering...

I've set up a remote syslog server - monitoring LAN activity (ipmon). I did 
this by setting up a single pass-all rule as the last/default rule on the 
LAN interface and I'm logging firewall events to the syslog server.

Next i set up a client on the Captive portal interface (LAN). I then try to 
open a default webpage and i get a PASS event on the remote syslog server - 
before the client is authenticated.

I suspect this behaviour to be a result of the captive portal rules being 
applied after the LAN rules. However I'd like to get rid of firewall events 
that did'nt really happen. Can this be done?

Also i have a more or less related question: Any chance to log an event when 
a NAT table/firewall state entry is timed out. It would be great to be able 
to meassure the number of octets sent/recieved between specific IP's.

Søren Vanggaard Jensen