 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Magne Andreassen <magne dot andreassen at bluezone dot no>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Remote syslog'ing on m0n0wall
 Date:  Mon, 1 Sep 2003 07:20:17 +0200 (CEST)
On Sun, 31 Aug 2003, Magne Andreassen wrote:

> Also tried to force syslogd to bind to the internal IP address:
> "syslogd -b <m0n0wall's ip-addr>"
> but with the same result:
> "syslogd: sendto: No route to host"
> Tried to loosen up firewall rules, adding static routes, but still
> the same...(I CAN ping the syslogd server from m0n0wall).
> Running out of options... am I missing the obvious here?

Probably. Is the syslog server on LAN? You need a firewall rule to
explicitly permit traffic from m0n0wall to the syslog server. Add
something like this in filter.inc, around line 625 (where the rules to
permit DNS/Ping to LAN hosts are):

# allow the firewall to use syslog servers on LAN
pass out quick proto udp from $lanip to $lansa/$lansn port = 514 keep state group 150

Let me know if it works. If it still doesn't, check the filter log for
dropped packets. The "keep state" may not even be necessary for
syslogging, but who cares. This could of course be extended to allow
logging to syslog servers on optional interfaces, just like it's done with
DNS service.
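
Added example (not part of the original message or of m0n0wall's code): one way to do the "check the filter log for dropped packets" step, by pulling blocked outbound UDP/514 packets out of ipmon-style log lines. The sample lines, addresses, interface names and the function name `blocked_syslog` are constructed for illustration, and the script assumes ipmon's usual syslog layout with ports shown numerically or as `syslog`.

```shell
#!/bin/sh
# Constructed sample lines in ipmon's syslog layout (not taken from the thread).
# "b" = blocked, "p" = passed; the last field is the direction (IN/OUT).
SAMPLE_LOG='Sep  1 07:18:01 m0n0wall ipmon[71]: 07:18:01.523411 sis0 @0:14 b 192.168.1.1,514 -> 192.168.1.20,514 PR udp len 20 118 OUT
Sep  1 07:18:02 m0n0wall ipmon[71]: 07:18:02.100233 sis1 @0:9 b 203.0.113.7,4431 -> 198.51.100.2,445 PR tcp len 20 48 -S IN
Sep  1 07:18:05 m0n0wall ipmon[71]: 07:18:05.871002 sis0 @150:3 p 192.168.1.1,514 -> 192.168.1.20,514 PR udp len 20 131 K-S OUT
Sep  1 07:18:09 m0n0wall ipmon[71]: 07:18:09.004517 2x sis0 @0:14 b 192.168.1.1,514 -> 192.168.1.20,514 PR udp len 20 97 OUT'

# Read ipmon log lines on stdin and print "iface rule src -> dst" for every
# outbound UDP packet to port 514 that the filter blocked.
blocked_syslog() {
    awk '
    {
        # Locate the "->" token; ipmon may insert a repeat count ("2x")
        # before the interface, so fixed field numbers are not reliable.
        arrow = 0
        for (i = 1; i <= NF; i++) if ($i == "->") { arrow = i; break }
        if (arrow < 5) next

        iface  = $(arrow - 4)   # e.g. sis0
        rule   = $(arrow - 3)   # @group:rule that matched
        action = $(arrow - 2)   # b = block, p = pass
        src    = $(arrow - 1)
        dst    = $(arrow + 1)
        proto  = $(arrow + 3)   # token after "PR"
        dir    = $NF

        n = split(dst, d, ",")  # "address,port"
        if (n != 2) next
        if (action == "b" && proto == "udp" && dir == "OUT" &&
            (d[2] == "514" || d[2] == "syslog"))
            print iface, rule, src, "->", dst
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | blocked_syslog
```

The printed rule number (`@group:rule`) identifies which filter rule dropped the packet, which shows whether the new pass rule is being reached at all.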