 
 From:  Denis Mirassou <mirassou at cict dot fr>
 To:  David Cook <david dot cook at jetpress dot com>
 Cc:  "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] How to go up with a final M0n0Wall user (IP/MAC address) in case of trouble (network attack)?
 Date:  Tue, 28 Sep 2004 16:51:21 +0200
David Cook wrote:
> Denis,
> 
> If you turn on 'Advanced outbound NAT' then all traffic is routed, unless a
> specific NAT rule is in place for the source network of the traffic. 

Hi,

Well, it's all the same...

Advanced outbound NAT is activated and I put one rule:
WAN (interface)	a.b.c.d/24 (Source LAN network) * * *
(Authorize all from LAN IP network on the WAN interface)


I had to put this in the firewall ruleset (everything denied by 
default):

LAN interface:
* LAN net	*	*	*
(authorize all from my LAN)

WAN interface:
*	*	*	*	*
(authorize all)

The LAN IP network is routed to M0n0Wall WAN IP address from my nearby 
router (I can ping my LAN machines from the nearby router interface).

So, all is working but all outbound traffic has M0n0Wall WAN IP address 
as sender address (I would like to see the client IP address).

Log of external web server:
M0n0Wall_WAN_IP_address - - [28/Sep/2004:16:40:50 +0200] "GET / HTTP/1.1" 403 1136 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

Mmm, any suggestions?

Denis

> For portal clients to be able to access the Internet, the portal network
> would require a subnet of public IP addresses appropriately routed to the WAN
> interface of the m0n0wall firewall. 
Done

> Are you planning to use DHCP logging to then identify the portal client
> that the IP address was allocated to at the time of the reported event?

Yes

>>-----Original Message-----
>>From: Denis Mirassou [mailto:mirassou at cict dot fr]
>>Sent: 28 September 2004 10:34
>>To:  m0n0wall at lists dot m0n0 dot ch
>>Subject: [m0n0wall] How to go up with a final M0n0Wall user (IP/MAC
>>address) in case of trouble (network attack)?
>>
>>
>>Hi,
>>
>>I am testing M0n0Wall for captive portal feature primarily.
>>The objective is to set up hot spots for our students staff.
>>
>>For security purpose, we want to be able to go up with a customer in 
>>case of trouble.
>>For example, a sysadmin tells us someone xxx.xxx.xxx.xxx (from us) hacks 
>>his server on Sept 25 02:57:56.
>>
>>How can I go up with one of our wifi users considering that outbound 
>>requests are sent with M0n0Wall WAN IP address?
>>
>>I would want to get the user IP Address.
>>
>>Thanks,
>>
>>Denis
>>-- 
>>Denis Mirassou

>>Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
> 
> 
> JET PRESS LIMITED
> Nunn Close
> Huthwaite
> Nottinghamshire
> NG17 2HW
> UK
> 
> Web:	www.jetpress.com
> Tel:	+44-1623-551 800
> Fax: 	+44-1623-551 175
> 
> 


-- 
Denis Mirassou

Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
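
Added example (not part of the original messages): the DHCP-log lookup discussed in the thread, mapping a reported source IP and timestamp back to the MAC address that held the lease at that moment. The log lines are constructed in ISC dhcpd syslog style; the addresses, the two-hour lease length and the function name `holder_at` are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in ISC dhcpd syslog style; addresses and MACs are made up.
SAMPLE_LOG = """\
Sep 25 01:10:02 m0n0wall dhcpd: DHCPACK on 192.0.2.57 to 00:0c:29:aa:bb:01 via sis0
Sep 25 02:40:11 m0n0wall dhcpd: DHCPRELEASE of 192.0.2.57 from 00:0c:29:aa:bb:01 via sis0 (found)
Sep 25 02:45:30 m0n0wall dhcpd: DHCPACK on 192.0.2.57 to 00:0c:29:aa:bb:02 via sis0
Sep 25 03:30:00 m0n0wall dhcpd: DHCPACK on 192.0.2.58 to 00:0c:29:aa:bb:03 via sis0
"""

EVENT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd: "
    r"(DHCPACK on|DHCPRELEASE of) (\S+) (?:to|from) ([0-9a-f:]{17})",
    re.I,
)


def holder_at(log, ip, when, lease=timedelta(hours=2)):
    """Return the MAC that held `ip` at datetime `when`, or None.

    `lease` is an assumed lease length; use the value configured on the server.
    """
    mac, expires = None, None
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m or m.group(3) != ip:
            continue
        # Syslog timestamps omit the year, so borrow it from the reported event.
        ts = datetime.strptime(f"{when.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ts > when:
            break  # log is chronological; later events cannot matter
        if m.group(2).upper().startswith("DHCPACK"):
            mac, expires = m.group(4).lower(), ts + lease
        else:  # DHCPRELEASE ends the lease before it expires
            mac, expires = None, None
    return mac if mac and when < expires else None


if __name__ == "__main__":
    # Time of the reported event, taken from the example in the thread.
    reported = datetime(2004, 9, 25, 2, 57, 56)
    print(holder_at(SAMPLE_LOG, "192.0.2.57", reported))
```

The same IP maps to two different clients within two hours in this sample, so the lookup is only as good as the agreement between the reporting server's clock and time zone and the firewall's.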