 
 From:  Josh <josh at nemesis dot net>
 To:  mirassou at cict dot fr
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How to go up with a final M0n0Wall user (IP/MAC address) in case of trouble (network attack)?
 Date:  Wed, 29 Sep 2004 05:47:34 -0700
On Wed, 29 Sep 2004 09:17:49 +0200, Denis Mirassou <mirassou at cict dot fr> wrote:


>>  edited:
>> If you have the address space avail one option is of course to not
>> use NAT at all (so connections won't come from the m0n0 IP).  If
>> that's not possible, the only option I can think of is to setup
>> a rule to log all outbound (allowed) connections - to a dedicated

> In the case of having enough address space available for my LAN, how do  
> I de-activate NAT on M0n0Wall in order to have connections coming from  
> LAN Clients IP address ? That's what I want.
> (I didn't put any NAT rule but connections still coming from M0n0 WAN IP  
> address)

As the other post said - all you need to do is turn on 'Advanced NAT'
and hit save.  I've tested this and it works fine in my environment.
(I.e. routing with no NAT).

If you're having problems getting it to work - restart from a fresh
config.  Put in the IPs for your LAN and WAN, then turn Advanced NAT
on (and don't set up any other NAT or firewall rules!).  The default
rules will allow outbound connections from LAN->WAN and this should
work fine out of the box.  Of course you'll need to set up routes on
other routers on your network to reach anything.

-josh


>> 2) Dynamic addressing
>> In this way WiFi is like dialup - and the problem can be solved
>> in the same way using the captive portal feature and RADIUS auth.
>> (RADIUS was mainly developed to support dialup it seems).
>>  Your radius logs should be able to tell you who authenticated when
>> and had what IP.  DHCP logs might be useful as well.
>
> Yes, I have dynamic IP addressing for LAN clients (M0n0 = DHCP server)
> and Radius authentication.
> I am able to find a user knowing the M0n0 IP address that does an HTTP
> request on an external server at a precise time by looking at firewall
> logs (request from LAN client on M0n0 LAN interface, then from M0n0 WAN
> interface to external server), DHCP logging (to find the client MAC
> address knowing his LAN IP), and Radius logging (to find the client username
> knowing his MAC address; FreeRadius just logs the client MAC address and NAS
> IP address).
> All these logs can be redirected to a syslog server but that's still 3
> different logs to analyse.
>
> It would be of much benefit to know the LAN IP address used...
>
> Denis
>
>> -josh
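The three-log walk Denis describes (firewall entry on the WAN side -> matching entry on the LAN side -> DHCP lease -> RADIUS login) is exactly the kind of correlation that is tedious by hand and easy to script once all three logs land on one syslog server. The following is an added example written for this thread, not code from the original posts or from the m0n0wall project. The log lines are constructed samples and their formats are deliberately simplified stand-ins for the ipfilter/ipmon, ISC dhcpd and FreeRADIUS lines a real syslog server would receive; the regular expressions, the interface names (sis0 = LAN, sis1 = WAN), the addresses and the year are all assumptions that must be adjusted to your own logs. The point it demonstrates beyond the post is the two things that go wrong in practice: the LAN-side match is only trustworthy if exactly one client talked to that destination inside the time window, and the DHCP and RADIUS lookups must pick the record that was current at the time of the connection, not simply the newest one.

```python
"""Correlate m0n0wall firewall, DHCP and RADIUS syslog lines to answer:
which user was behind a connection seen leaving the m0n0wall WAN address?

Every log line here is a constructed sample; the formats are simplified
approximations (assumption) of ipmon, ISC dhcpd and FreeRADIUS output."""
import re
from datetime import datetime

YEAR = 2004  # syslog timestamps carry no year; assumed for the samples

# constructed: one firewall entry per interface the flow crosses. The LAN-side
# ('in on sis0') entry shows the client's real address, the WAN-side ('out on
# sis1') entry the NATed one. Two clients hit the same server 4 s apart.
FIREWALL_LOG = """\
Sep 29 09:12:01 m0n0 ipmon[102]: pass in on sis0 192.168.1.50,1035 -> 203.0.113.10,80 PR tcp
Sep 29 09:12:01 m0n0 ipmon[102]: pass out on sis1 198.51.100.7,62001 -> 203.0.113.10,80 PR tcp
Sep 29 09:12:05 m0n0 ipmon[102]: pass in on sis0 192.168.1.77,2048 -> 203.0.113.10,80 PR tcp
Sep 29 09:12:05 m0n0 ipmon[102]: pass out on sis1 198.51.100.7,62002 -> 203.0.113.10,80 PR tcp
Sep 29 09:35:10 m0n0 ipmon[102]: pass in on sis0 192.168.1.50,1090 -> 203.0.113.20,443 PR tcp
Sep 29 09:35:10 m0n0 ipmon[102]: pass out on sis1 198.51.100.7,62003 -> 203.0.113.20,443 PR tcp
"""
# constructed: 192.168.1.50 is handed to a different MAC at 09:30, so a lookup
# for a 09:12 event must return the earlier lease and a 09:35 event the later.
DHCP_LOG = """\
Sep 29 08:55:40 m0n0 dhcpd: DHCPACK on 192.168.1.50 to 00:11:22:33:44:55 via sis0
Sep 29 09:00:12 m0n0 dhcpd: DHCPACK on 192.168.1.77 to 00:aa:bb:cc:dd:ee via sis0
Sep 29 09:30:00 m0n0 dhcpd: DHCPACK on 192.168.1.50 to 00:99:88:77:66:55 via sis0
"""
# constructed: captive-portal logins; the MAC arrives as the calling station.
RADIUS_LOG = """\
Sep 29 08:55:45 radius radiusd[200]: Login OK: [alice] (from client m0n0 port 0 cli 00:11:22:33:44:55)
Sep 29 09:00:20 radius radiusd[200]: Login OK: [bob] (from client m0n0 port 0 cli 00:aa:bb:cc:dd:ee)
"""

TS_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (.*)$")
FW_RE = re.compile(r"ipmon\[\d+\]: pass (in|out) on (\S+) (\S+),(\d+) -> (\S+),(\d+) PR (\w+)")
DHCP_RE = re.compile(r"dhcpd: DHCPACK on (\S+) to ([0-9a-f:]{17})", re.I)
RAD_RE = re.compile(r"Login OK: \[([^\]/]+)[^\]]*\] \(from client \S+ port \d+ cli ([0-9a-f:-]{17})\)", re.I)


def _ts(text):
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse(log, pattern):
    """Yield (timestamp, match) for every line of `log` that `pattern` matches."""
    for line in log.splitlines():
        head = TS_RE.match(line)
        body = pattern.search(head.group(2)) if head else None
        if body:
            yield _ts(head.group(1)), body


def lan_ip_for_flow(fw_log, wan_ip, wan_port, dst_ip, dst_port, lan_if, window=2):
    """Map a NATed WAN-side flow back to the LAN client; returns (time, lan_ip).
    Raises LookupError when the WAN entry is missing or when more than one LAN
    client reached the same destination within `window` seconds of it, because
    the answer would then be a guess rather than evidence."""
    entries = list(parse(fw_log, FW_RE))
    wan_hits = [ts for ts, m in entries if m.group(1) == "out"
                and (m.group(3), m.group(4), m.group(5), m.group(6))
                == (wan_ip, str(wan_port), dst_ip, str(dst_port))]
    if not wan_hits:
        raise LookupError("no WAN-side entry for that flow")
    t = wan_hits[0]
    cands = {m.group(3) for ts, m in entries
             if m.group(1) == "in" and m.group(2) == lan_if
             and (m.group(5), m.group(6)) == (dst_ip, str(dst_port))
             and abs((ts - t).total_seconds()) <= window}
    if len(cands) != 1:
        raise LookupError(f"ambiguous: {len(cands)} LAN candidates within {window}s")
    return t, cands.pop()


def latest_before(records, key, t):
    """From (ts, key, value) records pick the value with the newest ts <= t."""
    best = None
    for ts, k, v in records:
        if k == key and ts <= t and (best is None or ts > best[0]):
            best = (ts, v)
    return best[1] if best else None


def mac_for_ip(dhcp_log, ip, t):
    """MAC that held `ip` at time t according to the DHCPACK history."""
    recs = ((ts, m.group(1), m.group(2).lower()) for ts, m in parse(dhcp_log, DHCP_RE))
    return latest_before(recs, ip, t)


def user_for_mac(radius_log, mac, t):
    """Most recent successful login for `mac` at or before t (None if never)."""
    norm = lambda s: s.lower().replace("-", ":")
    recs = ((ts, norm(m.group(2)), m.group(1)) for ts, m in parse(radius_log, RAD_RE))
    return latest_before(recs, norm(mac), t)


def identify(wan_ip, wan_port, dst_ip, dst_port, lan_if="sis0", window=2,
             fw_log=FIREWALL_LOG, dhcp_log=DHCP_LOG, radius_log=RADIUS_LOG):
    """Full chain: WAN flow -> LAN IP -> MAC -> username, all as of the flow's time."""
    t, lan_ip = lan_ip_for_flow(fw_log, wan_ip, wan_port, dst_ip, dst_port, lan_if, window)
    mac = mac_for_ip(dhcp_log, lan_ip, t)
    user = user_for_mac(radius_log, mac, t) if mac else None
    return {"time": t, "lan_ip": lan_ip, "mac": mac, "user": user}


if __name__ == "__main__":
    # an abuse report names the m0n0 WAN address, source port, target and time
    print(identify("198.51.100.7", 62001, "203.0.113.10", 80))
```

Note that the correlation is only as good as the clocks: run NTP on the m0n0wall box, the RADIUS server and the syslog host, or the time window that keeps the LAN-side match unambiguous will have to be widened until it no longer is. Widening it is also the honest answer when two clients did reach the same destination in the same second; the example raises rather than picking one.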