Firewall logs??? How to identify a protocol???


This topic contains 5 replies, has 0 voices, and was last updated by  arfon 9 years, 1 month ago.

  • #42123

    arfon
    Participant

    I set up some firewall rules to block all traffic EXCEPT for DNS and HTTP. The DNS rule works fine… The HTTP rule doesn’t seem to work; HTTP traffic is still dropped.

    When I look at the logs, I see the traffic, but I don’t see:

    1) What protocol the traffic is (and therefore why it’s being dropped).

    2) Whether the traffic is accepted or dropped by the rules.

    How/where can I see this information? Is there a system log somewhere? Are there logging options that I am missing?

    #49330

    ppalias
    Member

    On the firewall menu, select the FORWARD chain in the drop-down list and then click on “view”. Copy the content and paste it here so we can see exactly what the rules are and what is dropped.

    #49331

    arfon
    Participant

    Here’s my setup: PPP0 & PPP1 are WAN (weighted). ETH00 is the LAN.

    192.168.1.10 is my ‘non-blocked machine’.

    192.168.1.12 is my DNS & HTTP only machine.

    Web page URLs resolve but they don’t load on 192.168.1.12.

    The firewall is set up like this:

    Here are the logs:

    What I note is that only the data that is being forwarded to 192.168.1.10 is showing up in the logs and NONE of 192.168.1.12’s traffic is showing (even the DNS which is working).

    #49332

    arfon
    Participant

    Sorry, here are the firewall rules you asked for:

    #49333

    ppalias
    Member

    Try it with port instead of L7 protocol. Which DNS server are you using on 192.168.1.12?

    #49334

    arfon
    Participant

    DNS = my provider’s DNS

    I don’t see a place to put the port information in the Rule Config page. How do I add port info?

    #49335

    ppalias
    Member

    The second row says “Protocol matching” and the drop-down list has “ALL” selected. Select UDP and then destination port 53 for DNS, and TCP destination port 80 for HTTP and 443 for HTTPS.
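
The port-based rules suggested in the last reply, written out as plain iptables rules with a logged drop so the kernel log shows what was refused. This is an added example, not part of the thread and not ZeroShell's generated ruleset; the chain name `RESTRICTED`, the log prefix and the function name are assumptions, while the host address and interface name are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that limits one LAN host
# to DNS (UDP 53), HTTP (TCP 80) and HTTPS (TCP 443), matching on protocol
# and destination port rather than on an L7 signature.
# Assumption: a Linux box using plain iptables with conntrack available.

restricted_host_rules() {
    host="$1"   # restricted machine, e.g. 192.168.1.12
    lan="$2"    # LAN-side interface, e.g. ETH00

    # Reject arguments that could smuggle extra rule text into the output.
    case "$host" in *[!0-9.]*|"") echo "bad host" >&2; return 1;; esac
    case "$lan" in *[!A-Za-z0-9_.-]*|"") echo "bad interface" >&2; return 1;; esac

    cat <<EOF
*filter
:RESTRICTED - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -s $host -j RESTRICTED
-A RESTRICTED -p udp --dport 53 -j ACCEPT
-A RESTRICTED -p tcp --dport 80 -j ACCEPT
-A RESTRICTED -p tcp --dport 443 -j ACCEPT
-A RESTRICTED -j LOG --log-prefix "FW-DROP restricted: "
-A RESTRICTED -j DROP
COMMIT
EOF
}

# The first FORWARD rule lets replies to permitted connections back in.
# Anything else from the host reaches the LOG rule, and the resulting
# kernel log line carries PROTO= and DPT= fields, which answers both
# "what protocol is it" and "was it dropped".
restricted_host_rules 192.168.1.12 ETH00
```

The output can be syntax-checked without loading it by piping it to `iptables-restore --noflush --test`.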
