This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to be sure that we log all packets ?

hi !

Just want to know how I can setup ASL to see all packets in the live log ?

I disable the NAT and Proxy except the HTTP Proxy and I create a rules to let HTTPS service going out I saw the green packet 443 in the live log but the web page (hotmail) never show up in the browser. I assume that something block when the responses come in ! ASL should be stateful but still jam somewhere and I saw nothing Red in the log !

In the pass I was using Winroute and I was able to set a rules to all incoming and outgoing packet on any interface. Just want to do the same thing with Astaro ? because winroute is only for Window$.

In my mind is not a good idea to put a Sniffer on the wan path and another one on the lan path to see what is really BLOCK or not each I play the rules...

Thanka for your idea..

This thread was automatically locked due to age.

Parents

0 RFCat_vk_01 over 20 years ago

Remember you left the http proxy operational so all web mail will go through the proxy not the filter. You need to disable the proxy and put a filter rule in fo reach if you want to see the traffic in the filter reports.

Ian M [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 jeanguy over 20 years ago in reply to RFCat_vk_01

I agree but the point is

If I disable NAT and all proxy and just let a rules HTTPS open from Internal network to Any with log enable. I saw the 443 packet going out but after that nothing ! the Page (in this case hotmail or any https page) is still blank and waiting for something...

I was thinking that I should at least see sometime knock on the firewall adresse.

I can't explain that ! I should see something good or wrong hiting the nic.

jean-guy
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jeanguy over 20 years ago in reply to RFCat_vk_01

I agree but the point is

If I disable NAT and all proxy and just let a rules HTTPS open from Internal network to Any with log enable. I saw the 443 packet going out but after that nothing ! the Page (in this case hotmail or any https page) is still blank and waiting for something...

I was thinking that I should at least see sometime knock on the firewall adresse.

I can't explain that ! I should see something good or wrong hiting the nic.

jean-guy
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BarryG over 20 years ago in reply to jeanguy

Opening HTTPS will not work without NAT, unless you're using the HTTP proxy for HTTPS.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 jeanguy over 20 years ago in reply to BarryG

How I can see the NAT traffic going throuht the Firewall. Normally I don't see it in the Live LOG but if something is missconfigure, How I can see the bad translation. Can we setup a Log or something like that ?

J-G
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 20 years ago in reply to jeanguy

TCPDump is available on the console.

However, if the packet's aren't NAT'd correctly, you may never see them on the outgoing interface, as they'd have already been dropped by the kernel.

Nonetheless, any Dropped packets should show up in the packetfilter log.

Barry
Cancel
Vote Up 0 Vote Down

Cancel