Title: logging firewall Post by: fdelval on Monday 19 July 2010, 12:30:19 am Wow, this is very exciting, i want to set up EFW asap and i want to understand it.
I have FIREWALL -> SYSTEM ACCESS -> log packets ticked. *outgoing traffic, inter-zone, vpn and port forwarding logs are DISABLED *I actually dont have rules except for the default EFW firewall rules (ssh, 80, 53....) If i go an chech firewall logs, and i can only see traffic from my RED zone to the UFW or WAN ip addresses. I dont understand that? i thought only WAN ip would get logged... If i set up a rule in SYSTEM ACCESS, now its when i can see them being logged... i cant get it to work properly... help? Also a question, when i open the 22 port in SYSTEM ACCESS, then i go to port forwarding, there, there are 3 labels, port forwarding / nat source nat incoming routed traffic i only use the port forwarding / nat one... what are the others for?? Title: Re: logging firewall Post by: DFen on Monday 19 July 2010, 05:43:49 pm I have FIREWALL -> SYSTEM ACCESS -> log packets ticked. SYSTEM ACCESS part of the firewall controls who can access the firewall box itself (regardless of which zone the source is from)*outgoing traffic, inter-zone, vpn and port forwarding logs are DISABLED *I actually dont have rules except for the default EFW firewall rules (ssh, 80, 53....) If i go an chech firewall logs, and i can only see traffic from my RED zone to the UFW or WAN ip addresses. I dont understand that? i thought only WAN ip would get logged... If i set up a rule in SYSTEM ACCESS, now its when i can see them being logged... i cant get it to work properly... help? From what you say it sounds like it IS working properly Quote Also a question, when i open the 22 port in SYSTEM ACCESS, then i go to port forwarding, there, there are 3 labels, port forwarding or DNAT allows for example incoming mail from RED (tcp port 25) to be redirected directly to your internal mail serverport forwarding / nat source nat incoming routed traffic i only use the port forwarding / nat one... what are the others for?? Source NAT or SNAT translates Internet requests from your GREEN (private ip range) zone to your Internet IP to go out on the RED zone. Not sure about the third one at the moment :) Title: Re: logging firewall Post by: fdelval on Thursday 22 July 2010, 01:44:12 am On my way to correct it. Just a question, should i add a REJECT ALL policy after the DENY policies to close not desired traffic? |