That's the ticket. Created logging rule for only the WAN, and non-logging rule for the LAN/DMZ... works like a champ. Thanks for the help!

------------------------------------------------------------
Jason J Ellingson
Technical Consultant
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
jason at ellingson dot com

-----Original Message-----
From: Fred Wright [mailto:fw at well dot com]
Sent: Friday, August 27, 2004 1:16 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Logs

On Tue, 24 Aug 2004, Jason J. Ellingson wrote:

> I have a /28 IP block
>
> WAN and DMZ are bridged (filtered bridge)
> LAN and DMZ are on same switch (all my servers have both a 192.x.x.x IP and
> a real IP)
>
> LAN has two rules:
> FROM 192.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
>
> DMZ has similar rules:
> FROM 209.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
>
> I added the two blocks without logging because the switch sometimes still
> sends packets out all its ports... so the LAN port sees a DMZ packet on
> occasion.
>
> Here's the problem... m0n0wall is still logging the 209.x.x.x packets that
> show up on the LAN port instead of not logging them like it should.
>
> Same for DMZ... it logs seeing 192.x.x.x packets.

It sounds like it's running afoul of internal "anti-spoofing" rules. You can check by looking at what rule # is being blamed for the log entry. If so, the only way to get rid of the logging is to disable the "default rule" logging.

Fred Wright

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
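The exchange above comes down to first-match rule ordering: a built-in rule that fires before the user's rules decides both the action and whether the packet is logged, so a later NOLOG block rule is never consulted. The following is an added example, not m0n0wall's code and not posted by anyone in the thread. It models that behaviour as an assumption (top-down chain, first match wins, only the matching rule's log flag counts, built-in anti-spoofing rules placed ahead of user rules, a built-in default deny at the end) and uses constructed networks (192.168.1.0/24 and 203.0.113.0/28) as stand-ins for the thread's 192.x.x.x and 209.x.x.x addresses. It lets you compare the configuration as originally posted with the outcome Jason reports: default-rule logging off plus an explicit logging block rule on the WAN only.

```python
"""First-match rule evaluation with per-rule logging (added example).

Not m0n0wall code and not from the thread. It assumes, as a model, that the
firewall walks its rule chain top-down, the first matching rule decides, and
only that rule's log flag controls whether a log entry (naming the rule
number) is written. Built-in anti-spoofing rules are assumed to sit ahead of
the user's rules, which is why a later NOLOG block rule never sees the packet.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

ANY = ip_network("0.0.0.0/0")
LAN_NET = ip_network("192.168.1.0/24")   # constructed stand-in for the thread's 192.x.x.x
DMZ_NET = ip_network("203.0.113.0/28")   # constructed stand-in for the thread's public /28


@dataclass(frozen=True)
class Rule:
    number: int            # the rule number a log entry would name (Fred's check)
    iface: str             # interface the rule is bound to: "lan", "dmz" or "wan"
    src: IPv4Network       # source network; ANY stands for the thread's "*"
    action: str            # "pass" or "block"
    log: bool              # whether a match produces a log entry
    origin: str            # "builtin" (generated by the firewall) or "user"


@dataclass(frozen=True)
class Verdict:
    action: str
    logged: bool
    rule: int
    origin: str


def build_chain(default_log: bool, wan_log_rule: bool) -> List[Rule]:
    """Assumed chain layout: built-in anti-spoof rules, user rules, default deny.

    default_log  -- whether the built-in rules log (the knob Fred points to)
    wan_log_rule -- whether the user adds an explicit logging block rule on WAN
                    only, which is the change Jason reports making
    """
    chain = [
        # Modelled anti-spoofing: a source address that belongs to another
        # interface's subnet is dropped before any user rule is consulted.
        Rule(1, "lan", DMZ_NET, "block", default_log, "builtin"),
        Rule(2, "dmz", LAN_NET, "block", default_log, "builtin"),
        # The user's LAN and DMZ rules as posted in the thread.
        Rule(10, "lan", LAN_NET, "pass", False, "user"),
        Rule(11, "lan", ANY, "block", False, "user"),
        Rule(20, "dmz", DMZ_NET, "pass", False, "user"),
        Rule(21, "dmz", ANY, "block", False, "user"),
    ]
    if wan_log_rule:
        chain.append(Rule(30, "wan", ANY, "block", True, "user"))
    # Built-in default deny on WAN, logging according to the same knob.
    chain.append(Rule(99, "wan", ANY, "block", default_log, "builtin"))
    return chain


def evaluate(chain: List[Rule], iface: str, src: str) -> Optional[Verdict]:
    """Return the verdict of the first rule matching (iface, src), or None."""
    addr = ip_address(src)
    for r in chain:
        if r.iface == iface and addr in r.src:
            return Verdict(r.action, r.log, r.number, r.origin)
    return None


def verdict_for(default_log: bool, wan_log_rule: bool,
                iface: str, src: str) -> Optional[Verdict]:
    """Evaluate one packet against a chain built with the given settings."""
    return evaluate(build_chain(default_log, wan_log_rule), iface, src)


if __name__ == "__main__":
    # Constructed packets: a DMZ-sourced frame leaking onto the LAN port
    # (the switch flooding case from the thread), normal LAN traffic, and an
    # unsolicited packet arriving on WAN.
    packets = [("lan", "203.0.113.5"), ("lan", "192.168.1.10"), ("wan", "198.51.100.7")]
    for label, dl, wl in [("as posted", True, False), ("after the fix", False, True)]:
        print(f"-- {label}: default-rule logging={dl}, WAN log rule={wl}")
        for iface, src in packets:
            v = verdict_for(dl, wl, iface, src)
            print(f"  {iface:>3} <- {src:<14} {v.action:<5} "
                  f"logged={v.logged!s:<5} rule #{v.rule} ({v.origin})")
```

Running it shows why the symptom and the fix line up: in the "as posted" chain the stray DMZ packet on the LAN port is blocked and logged by built-in rule #1, never reaching user rule #11 with its NOLOG flag, which is what checking the rule number in the log entry would reveal. Turning off default-rule logging silences that entry, but it also silences the built-in WAN default deny (#99), which is why an explicit logging block rule on WAN (#30) is needed to keep the WAN log.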