Hi all,

I've got a couple of quick questions (no-brainers for the pros) that I need a hand answering. I figured it easier to wait a while to get a list of questions that hopefully you can all help me out with... I'm running Eiger static with a "bastardised" (if there is such a word) version of the extended scripts.
The LRP box is a proud addition to the network, with it quite happily chugging along hosting 30 internal PCs, 15-odd servers sitting in the DMZ, and a 10M microwave connection with a class C on the live side of things. It truly is amazing what such a simple setup can handle. Anyway, on with the questions..

1. Is there a package out there that can monitor the syslog (or denied rules) to maybe send an email out when certain types of packets get denied? (Hmm, not at packet level, more like if, say, there is activity on port 23 of a certain IP that is being denied, then send an email.)

2. What do I need to change to have my firewall send all its syslog info to a syslog server?

3. I'm running the socks5 package on my firewall, how do I DISABLE logging in syslog? I'm getting heaps of these kinds of lines....

    Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Request: Connect (10.0.10.35:3039 to 205.188.248.57:80) for user
    Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Established: Connect (10.0.10.35:3039 to 205.188.248.57:80) for user
    Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Terminated: Normal (10.0.10.35:3039 to 205.188.248.57:80) for user : 252 bytes out, 29 bytes in

4. If I wish to see all ruleset denies etc., I gather I have to add -l to all my deny firewall rules in ipfilter.conf, is that correct?

5. How do I deny icmp (ping) on all my external IPs? I know it's in the extended scripts but I can't find the rule that denies, all I can find is these....

    $IPCH -A input -j DENY -p icmp --icmp-type timestamp-request -l
    $IPCH -A input -j DENY -p icmp --icmp-type timestamp-reply -l

6. OK, this one will take a little bit to explain.. I have a win2k network (2k server, 2k clients etc., on a domain running Active Directory and so on). The firewall is set up to handle the connection to the internet, and protect the servers in the DMZ.
Some of the internal people are running their own FTP server (set up for passive mode only), i.e. the boss ;o). At the moment I have put in some rules to manually handle this.. eg:

    $IPCH -A input -p tcp -s 10.0.10.30 -d 0/0 13600:13649 -j ACCEPT
    $IPCH -A input -p tcp -s 0/0 13600:13649 -d 10.0.10.30 -j ACCEPT
    $IPMASQADM autofw -A -r tcp 13600 13649 -h 10.0.10.30

and of course I'm forwarding port 21 to his machine. I wish to be able to run the DHCP server package on my firewall, but how do I handle mapping a LIVE IP to the internal DHCP-assigned IP? (As in, the boss's IP might change as DHCP leases expire and renew; how do I write rulesets so that I'm mapping the LIVE hardcoded IP to the assigned DHCP IP?)

Thanks in advance,

Regards,
Adam Niedzwiedzki
c: genis-x
a: level 1, 278-280 church street richmond, victoria, 3121, au, earth
m: +614 0732 2719
w: www.genis-x.com
icq: 325910

"Any sufficiently advanced bug is indistinguishable from a feature."

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
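
Question 1 in the message above asks for a way to turn logged denies against one address and port into an email. One way to do that check, as an added example that is not part of the original post or of any LEAF/LRP package: it assumes rules logged with `-l` produce the stock ipchains "Packet log:" records, and the function names, addresses and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise ipchains "-l" deny records for one watched
# address and port so the result can be mailed out.
# Assumed record format (stock ipchains kernel logging):
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port> ...

# denied_hits WATCH_IP WATCH_PORT   (syslog lines on stdin)
# Prints "<count> <source-ip>" per source, busiest first.
denied_hits() {
    awk -v ip="$1" -v port="$2" '
        /Packet log:/ {
            for (i = 1; i <= NF; i++)
                if ($i == "DENY" || $i == "REJECT") break
            if (i > NF - 4) next               # no target, or truncated record
            if ($(i + 4) != (ip ":" port)) next
            src = $(i + 3)
            sub(/:[0-9]+$/, "", src)           # drop the source port
            hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' | sort -k1,1nr -k2,2
}

# alert_body WATCH_IP WATCH_PORT   (syslog lines on stdin)
# Prints a message body; returns 1 and prints nothing when there are no hits.
alert_body() {
    hits=$(denied_hits "$1" "$2")
    [ -n "$hits" ] || return 1
    printf 'Denied traffic to %s port %s\n' "$1" "$2"
    printf '%s\n' "$hits" | while read -r n src; do
        printf '  %s packet(s) from %s\n' "$n" "$src"
    done
}

# Constructed sample log (documentation addresses, not from the original post).
sample_log() {
    cat <<'EOF'
Jul 31 11:11:38 Firewall01 Socks5[23491]: TCP Connection Established: Connect (10.0.10.35:3039 to 205.188.248.57:80) for user
Jul 31 11:12:01 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4021 192.0.2.10:23 L=44 S=0x00 I=4021 F=0x0000 T=52 SYN (#7)
Jul 31 11:12:04 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4022 192.0.2.10:23 L=44 S=0x00 I=4022 F=0x0000 T=52 SYN (#7)
Jul 31 11:12:09 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.4:1190 192.0.2.10:23 L=44 S=0x00 I=1190 F=0x0000 T=49 SYN (#7)
Jul 31 11:12:11 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.4:1191 192.0.2.10:80 L=44 S=0x00 I=1191 F=0x0000 T=49 SYN (#9)
Jul 31 11:12:15 Firewall01 kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4023 192.0.2.11:23 L=44 S=0x00 I=4023 F=0x0000 T=52 SYN (#7)
EOF
}

# The output is what would be piped to the box's mailer (mailer is an assumption).
sample_log | alert_body 192.0.2.10 23
```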