Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 04:42:15 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  logging firewall
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: logging firewall  (Read 9123 times)
fdelval
Jr. Member
*
Offline Offline

Posts: 6


« on: Monday 19 July 2010, 12:30:19 am »

Wow, this is very exciting, i want to set up EFW asap and i want to understand it.

I have FIREWALL -> SYSTEM ACCESS -> log packets ticked.
*outgoing traffic, inter-zone, vpn and port forwarding logs are DISABLED
*I actually dont have rules except for the default EFW firewall rules (ssh, 80, 53....)

If i go an chech firewall logs, and i can only see traffic from my RED zone to the UFW or WAN ip addresses.

I dont understand that? i thought only WAN ip would get logged...


If i set up a rule in SYSTEM ACCESS, now its when i can see them being logged...


i cant get it to work properly... help?




Also a question, when i open the 22 port in SYSTEM ACCESS, then i go to port forwarding, there, there are 3 labels,

port forwarding / nat
source nat
incoming routed traffic


i only use the port forwarding / nat one... what are the others for??

Logged
DFen
Full Member
***
Offline Offline

Posts: 46


« Reply #1 on: Monday 19 July 2010, 05:43:49 pm »

I have FIREWALL -> SYSTEM ACCESS -> log packets ticked.
*outgoing traffic, inter-zone, vpn and port forwarding logs are DISABLED
*I actually dont have rules except for the default EFW firewall rules (ssh, 80, 53....)

If i go an chech firewall logs, and i can only see traffic from my RED zone to the UFW or WAN ip addresses.

I dont understand that? i thought only WAN ip would get logged...


If i set up a rule in SYSTEM ACCESS, now its when i can see them being logged...


i cant get it to work properly... help?
SYSTEM ACCESS part of the firewall controls who can access the firewall box itself (regardless of which zone the source is from)
From what you say it sounds like it IS working properly

Quote
Also a question, when i open the 22 port in SYSTEM ACCESS, then i go to port forwarding, there, there are 3 labels,

port forwarding / nat
source nat
incoming routed traffic


i only use the port forwarding / nat one... what are the others for??

port forwarding or DNAT allows for example incoming mail from RED (tcp port 25) to be redirected directly to your internal mail server

Source NAT or SNAT translates Internet requests from your GREEN (private ip range) zone to your Internet IP to go out on the RED zone.

Not sure about the third one at the moment Smiley
Logged
fdelval
Jr. Member
*
Offline Offline

Posts: 6


« Reply #2 on: Thursday 22 July 2010, 01:44:12 am »


On my way to correct it.

Just a question, should i add a REJECT ALL policy after the DENY policies to close not desired traffic?

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com