Firewall logs??? How to identify a protocol??? Home Page › Forums › Network Management › ZeroShell › Firewall logs??? How to identify a protocol??? This topic contains 5 replies, has 0 voices, and was last updated by arfon 9 years, 3 months ago. Viewing 7 posts - 1 through 7 (of 7 total) Author Posts January 1, 2010 at 10:54 pm #42123 arfonParticipant I setup some firewall rules to block all traffic EXCEPT for DNS and HTTP. The DNS rule works fine… The HTTP rule doesn’t seem to work, http traffic is still dropped. When I look at the logs, I see the traffic but, I don’t see: 1) What protocol the traffic is (and therefore why it’s being dropped). 2) whether the traffic is accepted or dropped by the rules. How/where can I see this information? Is there a system log somewhere? Are there logging options that I am missing? January 2, 2010 at 2:13 am #49330 ppaliasMember On firewall menu select the FORWARD chain on the drop down list and then click on “view”. Copy the content and paste it here to see what are the rules exactly and what is dropped. January 2, 2010 at 4:59 am #49331 arfonParticipant Here’s my setup PPP0 & PPP1 are WAN (weighted). ETH00 is the LAN. 192.168.1.10 is my ‘non-blocked machine’. 192.168.1.12 is my DNS & HTTP only machine. Web pages URLs resolve but they don’t load on 192.168.1.12 The firewall is setup like this: Here are the logs: What I note is that only the data that is being forwarded to 192.168.1.10 is showing up in the logs and NONE of 192.168.1.12’s traffic is showing (even the DNS which is working). January 2, 2010 at 5:03 am #49332 arfonParticipant Sorry, here’s the firewall rules you asked for- January 2, 2010 at 5:01 pm #49333 ppaliasMember Try it with port instead of L7 protocol. Which DNS server are you using on the 192.168.1.12? January 2, 2010 at 5:19 pm #49334 arfonParticipant DNS = my provider’s DNS I don’t see a place to put the port information in the Rule Config page. How do I add port info? January 2, 2010 at 9:50 pm #49335 ppaliasMember Second row says “Protocol matching” and the drop down list has “ALL” selected. Select UDP and then destination port 53 for the DNS and TCP destination port 80 for http and 443 for https. Author Posts Viewing 7 posts - 1 through 7 (of 7 total) You must be logged in to reply to this topic.