Running XG 18.0.6 on my own hardware.
Short version: How do you log activity of:
a) DNAT rule which diverts DNS to the Sophos LAN Port
b) The DNS service itself
I can do some packet capture, but the logging tool seems to ignore a DNAT rule terminating on the Sophos itself.
Longer version:
DNS is provided by a Windows Server for most devices, but I have some devices that will not use this. To allow them to function I have rules to pass this traffic outwards, and a default MASQ which applies.
One such device uses a Google address whose IP changes very frequently, so it would be best dealt with by using an FQDN identifier in the filter rule, which necessitates the use of Sophos DNS. I am having trouble identifying whether everything is working properly.
I performed the following steps:
- Created a rule (at top) to capture all of the outbound DNS requests from the device
- Checked that this captures everything, and that it then passed through the default MASQ NAT rule.
- Enabled the DNS facility
- Enabled the device to access DNS via an exception rule under “Device Access”
- Created a new NAT rule (at top) which should match (not sure about “Outbound Interface”) and should take the external DNS requests and send them to the LAN IP address of the Sophos machine (which is Port1)
- The Usage counter ticks up for the new NAT Rule showing that something is happening, but it is difficult to tell what!
- Logging fails to show any activity under “NAT Rule = 2”
- It also fails to show anything using the source IP and destination port
- Packet capture shows something:
- Is there a way to check whether the DNS feature is working? A cache dump? A log file?
The arrangement seems to be working, but if something fails, it will be hard to debug - I don't seem to be able to track the packets as I would normally.
Any suggestions/corrections welcome.
Regards,
Paul McGinnie