D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: obeiro on July 02, 2010, 03:58:42 AM
-
Hi,
This is my first post. I've been searching for a while and haven't found an answer, so here I am.
I've got a DFL-800 basic setup, planning a future WAN load-balance scenario. I've found a few issues, but instead of asking how to fix them I'm trying some self-learning, and I'm stuck on logging.
Memlog isn't enough, so I'd like to use remote logging to a syslog server, but I've had no luck so far.
Here's my scenario.
* DFL-800 Firewall - WAN1: Public IP - LAN: Private IP:10.0.0.254 Subnet: 10.0.0.252/30
Default config. Just added two IP rules to let all traffic flow to the network appliance at 10.0.0.253
#  Name                  Action  Source interface  Source network  Destination interface  Destination network  Service
1  allow_all_tcpudp_sat  SAT     any               all-nets        core                   wan1_ip              all_tcpudp
2  allow_all_tcpudp_nat  NAT     any               all-nets        core                   wan1_ip              all_tcpudp
* The network appliance (IPBrick) is a Linux box which handles VPN, VoIP, email and fax, and works as the main firewall. Unfortunately it doesn't support WAN load balancing or failover (that's why we need the DFL-800).
eth0 IP is 10.0.0.253 and eth1 IP is 192.168.0.254 in our LAN subnet 192.168.0.0/24.
* A Windows box in the LAN, let's say 192.168.0.101, with a syslog server which should receive log messages from the DFL-800 but does not :-(. I can ping and manage (HTTPS) the DFL-800 from that IP.
I've tried WallWatcher and Syslog Watcher 2 without success, adding a Log and Event Receiver:
Name         Type             IP address     Port  Comments
dfl-rsyslog  Syslog Receiver  192.168.0.101  514
And I've even tried the D-Link example How_to_log_visited_web_sites.pdf, and no messages appeared on the server.
Any help is appreciated.
Thank you
Sorry about my english.
-
You're talking about different things.
I think the document you saw is about using a service with the HTTP ALG - if you enable its logging, you'll see visited URLs.
But your rules are WAN > LAN (SAT) and without an ALG.
So, what do you have, and what do you want to get as a result?
-
Hi,
Thank you for your answer.
First I was trying to show our scenario. Once you know how our network is set up, I tried to explain my problem (no remote logging on my syslog server). I just said that I used a working example (HTTP ALG) to check whether it was something related to my setup.
WHAT I WANT
I want to get syslog data for incoming traffic on a remote syslog server at 192.168.0.101.
WHAT I GOT
INET ---- DFL-800 ---- Linux router ---- LAN (Syslog Server)
-
So...
1) Add static route for 192.168.0.0/24 to LAN
2) Make "allow" rules on the Linux router to allow DFL > syslog server traffic
-
I didn't realise that traffic from the DFL "needed to know" how to reach our internal LAN. The static route was the answer, and then forwarding UDP 514 syslog packets to the right server solved the issue.
I've got lots of new questions, but I guess it's better to ask them one by one in new threads.
Thank you.
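The router-side part of the fix above (step 2 of the answer, and the "forwarding UDP 514" in the last post), as an added example that is not code from the thread, from D-Link or from IPBrick. It emits the iptables rules a Linux router in the middle needs so that the DFL-800's syslog packets, and only those, cross to the LAN syslog host, plus a tcpdump line to prove they arrive. The addresses are the ones posted in the thread and the interface names follow the OP (eth0 faces the DFL, eth1 faces the LAN); that the IPBrick box filters with iptables and a FORWARD chain, and the names ROUTER_IP, syslog_allow_rules, syslog_dnat_rules and capture_hint, are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread, D-Link or IPBrick): generate the
# Linux-router firewall rules that let the DFL-800's syslog traffic reach
# the LAN syslog server. The rules are scoped to one source, one
# destination and one UDP port, so nothing else from the DFL side is
# opened towards the LAN. Using iptables/FORWARD on the IPBrick box is an
# assumption; the addresses and interface names are the OP's.

DFL_IP="${DFL_IP:-10.0.0.254}"          # DFL-800 LAN address: source of syslog
DFL_IF="${DFL_IF:-eth0}"                # router interface toward the DFL
LAN_IF="${LAN_IF:-eth1}"                # router interface toward the LAN
SYSLOG_IP="${SYSLOG_IP:-192.168.0.101}" # Windows syslog receiver
SYSLOG_PORT="${SYSLOG_PORT:-514}"       # syslog over UDP
ROUTER_IP="${ROUTER_IP:-10.0.0.253}"    # router's address on the DFL side (assumed name)

# Direct case: the DFL has a static route for 192.168.0.0/24 via the
# router, so packets arrive already addressed to the real server and only
# need an explicit ACCEPT in FORWARD (needed when the chain policy is DROP).
syslog_allow_rules() {
    printf 'iptables -A FORWARD -i %s -o %s -p udp -s %s -d %s --dport %s -j ACCEPT\n' \
        "$DFL_IF" "$LAN_IF" "$DFL_IP" "$SYSLOG_IP" "$SYSLOG_PORT"
}

# "Forward port 514" case: the DFL's log receiver points at the router's
# own address and the router rewrites the destination. The DNAT happens in
# PREROUTING, so FORWARD then sees the server's address and the same
# ACCEPT rule applies.
syslog_dnat_rules() {
    printf 'iptables -t nat -A PREROUTING -i %s -p udp -s %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$DFL_IF" "$DFL_IP" "$ROUTER_IP" "$SYSLOG_PORT" "$SYSLOG_IP" "$SYSLOG_PORT"
    syslog_allow_rules
}

# Watch the packets leave toward the server; run on the router while the
# DFL generates an event. No output here means the DFL side (static route,
# log receiver) is still wrong, not the server.
capture_hint() {
    printf 'tcpdump -ni %s udp and dst host %s and dst port %s\n' \
        "$LAN_IF" "$SYSLOG_IP" "$SYSLOG_PORT"
}

# Print the rules (default) or apply them on the router as root.
case "${1:-print}" in
    print)      syslog_allow_rules ;;
    print-dnat) syslog_dnat_rules ;;
    apply)      syslog_allow_rules | sh ;;
    apply-dnat) syslog_dnat_rules | sh ;;
    capture)    capture_hint ;;
    *)          echo "usage: $0 [print|print-dnat|apply|apply-dnat|capture]" >&2 ;;
esac
```

Two checks the thread does not mention but a practitioner would make: the DFL's static route for 192.168.0.0/24 has to point at the router's DFL-side address (10.0.0.253 here) on the DFL's LAN interface, and the Windows host running the syslog receiver must allow inbound UDP 514 in its own firewall, since Windows blocks unsolicited inbound traffic by default. If tcpdump on eth1 shows the packets but the receiver stays empty, the host firewall is the next place to look.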