 From:  "Jason J. Ellingson" <jason at ellingson dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Logs
 Date:  Sat, 28 Aug 2004 12:30:01 -0500
That's the ticket.

Created logging rule for only the WAN, and non-logging rule for the
LAN/DMZ... works like a champ.

Thanks for the help!
------------------------------------------------------------
Jason J Ellingson
Technical Consultant

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
jason at ellingson dot com

-----Original Message-----
From: Fred Wright [mailto:fw at well dot com] 
Sent: Friday, August 27, 2004 1:16 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Logs


On Tue, 24 Aug 2004, Jason J. Ellingson wrote:
> 
> I have a /28 IP block
> 
> WAN and DMZ are bridged (filtered bridge)
> LAN and DMZ are on same switch (all my servers have both a 192.x.x.x IP
> and a real IP)
> 
> LAN has two rules:
> FROM 192.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
> 
> DMZ has similar rules:
> FROM 209.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
> 
> I added the two blocks without logging because the switch sometimes still
> sends packets out all its ports... so the LAN port sees a DMZ packet on
> occasion.
> 
> Here's the problem... m0n0wall is still logging the 209.x.x.x packets that
> show up on the LAN port instead of not logging them like it should.
> 
> Same for DMZ... it logs seeing 192.x.x.x packets.

It sounds like it's running afoul of internal "anti-spoofing" rules.  You
can check by looking at what rule # is being blamed for the log entry.  If
so, the only way to get rid of the logging is to disable the "default
rule" logging.

					Fred Wright
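The rule-ordering point Fred makes above (internal anti-spoofing rules catching the packet before the user's NOLOG block rule is ever reached, and Jason's eventual layout of a logging rule on WAN only) modelled as a toy first-match filter. This is an added example, not m0n0wall code; the interface names, the 192.168.0.0/24 and 203.0.113.0/28 addresses standing in for the poster's 192.x.x.x and 209.x.x.x networks, and the assumption that internal anti-spoofing rules are evaluated first and log only while "default rule" logging is enabled are all constructed for the illustration.

```python
# Added example, not m0n0wall's own code. Assumption: the firewall inserts
# its own anti-spoofing block rules ahead of the user's rules, and those
# internal rules (and the implicit default deny) log only while
# "default rule" logging is enabled.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass
class Rule:
    iface: str    # interface the packet arrives on
    src: str      # source CIDR, or "*" for any source
    action: str   # "pass" or "block"
    log: bool     # whether a match produces a log entry
    origin: str   # "antispoof" (internal) or "user"

    def matches(self, iface: str, src: str) -> bool:
        if self.iface != iface:
            return False
        return self.src == "*" or ip_address(src) in ip_network(self.src)


def antispoof_rules(subnets: Dict[str, str], log_default: bool) -> List[Rule]:
    """Model of the internal anti-spoofing rules: on each interface, block
    packets whose source address belongs to a *different* interface's subnet."""
    rules = []
    for iface in subnets:
        for other, net in subnets.items():
            if other != iface:
                rules.append(Rule(iface, net, "block", log_default, "antispoof"))
    return rules


class Filter:
    """First-match packet filter: internal rules first, then user rules,
    then an implicit default deny."""

    def __init__(self, subnets: Dict[str, str], user_rules: List[Rule],
                 log_default: bool = True):
        self.log_default = log_default
        self.rules = antispoof_rules(subnets, log_default) + list(user_rules)

    def decide(self, iface: str, src: str) -> Tuple[str, bool, str]:
        """Return (action, logged, origin) for the first rule that matches."""
        for r in self.rules:
            if r.matches(iface, src):
                return (r.action, r.log, r.origin)
        return ("block", self.log_default, "default")


# Constructed addresses standing in for the poster's 192.x.x.x LAN and
# 209.x.x.x /28 DMZ block. WAN is a filtered bridge in the post, so it gets
# no anti-spoofing entry here, only the explicit user rule.
SUBNETS = {"lan": "192.168.0.0/24", "dmz": "203.0.113.0/28"}

USER_RULES = [
    Rule("lan", "192.168.0.0/24", "pass", False, "user"),  # FROM 192.x ALLOW NOLOG
    Rule("lan", "*", "block", False, "user"),              # FROM * BLOCK NOLOG
    Rule("dmz", "203.0.113.0/28", "pass", False, "user"),  # FROM 209.x ALLOW NOLOG
    Rule("dmz", "*", "block", False, "user"),              # FROM * BLOCK NOLOG
    Rule("wan", "*", "block", True, "user"),               # logging rule on WAN only
]


def demo(log_default: bool) -> Dict[str, Tuple[str, bool, str]]:
    """Run the four packets of interest through the filter."""
    fw = Filter(SUBNETS, USER_RULES, log_default)
    return {
        "dmz_src_on_lan": fw.decide("lan", "203.0.113.5"),   # switch leaked a DMZ frame
        "lan_src_on_dmz": fw.decide("dmz", "192.168.0.10"),  # and a LAN frame onto DMZ
        "lan_src_on_lan": fw.decide("lan", "192.168.0.10"),  # normal LAN traffic
        "stray_on_wan": fw.decide("wan", "198.51.100.7"),    # unsolicited WAN packet
    }


if __name__ == "__main__":
    for flag in (True, False):
        print(f"default-rule logging {'on' if flag else 'off'}:")
        for name, (action, logged, origin) in demo(flag).items():
            print(f"  {name:15s} -> {action:5s} logged={logged!s:5s} via {origin}")
```

With default-rule logging on, the leaked DMZ packet on LAN is blocked and logged by the anti-spoofing rule; the user's BLOCK NOLOG rule sits behind it and never matches, which is the symptom in the original post. Turning default-rule logging off silences the internal rules while the explicit WAN rule keeps logging, which is the layout Jason ends up with.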

