Lonnie Abelbeck wrote:
> I tested this, and it works for me. Remember that 'Log Local Out' only
> applies to packets outbound directly from the local AstLinux box (OUTPUT
> Chain), *not* forwarded packets, (FORWARD Chain). For example packets
> from a web browser on a LAN NAT'ed subnet will not show with "Log Local
> Out". On the other hand, if you ssh into the AstLinux box (or use serial
> console) and enter...

That explains it. Thanks a lot. Of course, I thought I would log ALL outgoing traffic and I thus used a local browser on the LAN to generate traffic.

So, how would I go and monitor the FORWARD chain? Because, if the astlinux box is used as a router, then this is the interesting information. Also, I guess the same applies (somehow) to incoming FORWARDED traffic, right?

>
> $ curl http://www.astlinux.org >/dev/null
>
> The log will show with the above rule.
>

Yes, this now works.

>
>>
>> It might seem naive, but if I simply disable the firewall, I can no
>> longer access my external IF from any LAN computers. When the firewall is
>> active, traffic is NATed to the outside and the firewall rules are
>> applied.
>>
>> Would disabling the firewall also disable the masquerading (NAT) via the
>> external interface?
>
> Yes. That explains your results.
>

O.K. Now I understand it. However, it is not very easily understood by a novice user that disabling a firewall somehow results in no more traffic possible. I would have expected that "disabling" would allow all traffic (whatever this means to internal processes like iptables, dnsmasq, etc.).

Thanks a lot for the explanation.

Michael

P.S.: by the way, what would be the best way to reduce logging info from hostap and from dnsmasq. I get lots of info in the log when IP addresses are renewed from dnsmasq and "group key handshakes completed" from hostapd. I would prefer only to see errors in the log.

>
> Lonnie
>

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
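The OUTPUT versus FORWARD distinction discussed in this thread can be read directly off the firewall log, because the netfilter LOG target writes both an IN= and an OUT= interface field on every line. The script below is an added example, not part of the original messages or of AstLinux; the function names, hostname, interface names and log lines are constructed, and it assumes the LOG rules sit in the filter table's built-in chains.

```shell
#!/bin/sh
# Classify netfilter LOG lines by the chain that produced them.
#   IN= empty, OUT= set  -> OUTPUT  (packet originated on the firewall box)
#   IN= set,   OUT= set  -> FORWARD (packet routed through the box, e.g. LAN NAT)
#   IN= set,   OUT= empty-> INPUT   (packet addressed to the box itself)

# Constructed sample lines: curl run on the box, a LAN browser, an inbound ssh,
# and an unrelated dnsmasq line that must be ignored.
SAMPLE_LOG='Jun  1 10:00:01 pbx kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=80
Jun  1 10:00:05 pbx kernel: IN=eth1 OUT=eth0 SRC=192.168.101.23 DST=198.51.100.7 PROTO=TCP SPT=51544 DPT=80
Jun  1 10:00:09 pbx kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=22
Jun  1 10:00:12 pbx dnsmasq-dhcp[812]: DHCPACK(eth1) 192.168.101.23 00:00:5e:00:53:10'

classify_chain() {
    line=$1
    case $line in
        (*"IN="*"OUT="*) ;;                 # looks like a LOG target line
        (*) echo "unknown"; return 0 ;;     # anything else (dnsmasq, hostapd, ...)
    esac
    in_if=${line#*IN=};   in_if=${in_if%% *}     # token after first IN=
    out_if=${line#*OUT=}; out_if=${out_if%% *}   # token after first OUT=
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then echo "FORWARD"
    elif [ -n "$out_if" ]; then echo "OUTPUT"
    elif [ -n "$in_if" ]; then echo "INPUT"
    else echo "unknown"
    fi
}

# Read log lines on stdin and print one summary line with per-chain counts.
summarize() {
    fwd=0; out=0; inp=0
    while IFS= read -r l; do
        case $(classify_chain "$l") in
            (FORWARD) fwd=$((fwd + 1)) ;;
            (OUTPUT)  out=$((out + 1)) ;;
            (INPUT)   inp=$((inp + 1)) ;;
        esac
    done
    echo "FORWARD=$fwd OUTPUT=$out INPUT=$inp"
}

printf '%s\n' "$SAMPLE_LOG" | summarize
```

A log that only ever shows lines with an empty IN= field is logging the OUTPUT chain alone, which is why traffic from a LAN browser never appears in it.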