[NTLUG:Discuss] Firewall Forwarding Question
Kenneth Loafman
ken at lt.com
Tue Feb 18 10:35:12 CST 2003
OK, what I'm trying to do is this... two systems, A & B, sit outside the
firewall and I want to route syslog (port 514) from them through the
firewall to another machine, C, which will collect the logs from all
three machines and retain them for a long time.
What I have now is A&B both remote logging to FW, where FW's syslog is
started with "-r -h" to forward the logs to C, which is started with
just the "-r" option. This works.
A ---> FW <--- B
        |
        |
        v
        C
What I want is a more direct, more hacker-proof system, that uses port
forwarding to forward port 514 directly through FW to C. This way, even
if a hacker turns off syslogd on FW, A & B will still get logged on C.
Also, I tried, and failed, to get it to run that way, and I want to find
out why. Here are the iptables commands I used. Got nothing through.
-A FORWARD -s A -i eth0 -d C -o eth1 -p udp -m udp --dport 514 -j ACCEPT
-A FORWARD -s B -i eth0 -d C -o eth1 -p udp -m udp --dport 514 -j ACCEPT
I've not used port forwarding before, so I may have missed something.
Any ideas?
...Thanks,
...Kenneth
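The two FORWARD rules in the post only match traffic that is already routed through FW; datagrams that A and B address to FW's own IP are delivered locally (INPUT chain) and never reach FORWARD. Below is an added example, not part of the original message or any reply, of the rule set that does what the poster describes: a DNAT rule in the nat PREROUTING chain rewrites the destination from FW to C before the routing decision, the FORWARD rules then pass the rewritten packet from eth0 to eth1, and IP forwarding is switched on in the kernel. All addresses are placeholders; the interface names eth0 (outside) and eth1 (inside) follow the post. The script prints the commands by default and executes them only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example: forward UDP/514 arriving at FW from A and B to collector C.
# Not from the original post. Addresses below are placeholders; override
# them via environment variables for a real network.

FW_IP="${FW_IP:-192.0.2.1}"      # firewall's outside address (placeholder)
C_IP="${C_IP:-10.0.0.5}"         # log collector behind the firewall (placeholder)
A_IP="${A_IP:-192.0.2.10}"       # outside host A (placeholder)
B_IP="${B_IP:-192.0.2.11}"       # outside host B (placeholder)
OUT_IF="${OUT_IF:-eth0}"         # interface facing A and B
IN_IF="${IN_IF:-eth1}"           # interface facing C

# Emit the rule set, one iptables invocation per line, without running it.
syslog_forward_rules() {
    for src in "$A_IP" "$B_IP"; do
        # 1. Rewrite destination FW -> C before routing, so the datagram is
        #    forwarded instead of being delivered to FW's own syslogd.
        echo "iptables -t nat -A PREROUTING -i $OUT_IF -s $src -d $FW_IP -p udp --dport 514 -j DNAT --to-destination $C_IP"
        # 2. Allow the now C-addressed datagram to cross from eth0 to eth1.
        #    This is where the post's original rules sit; they only match
        #    once the DNAT above has happened.
        echo "iptables -A FORWARD -i $OUT_IF -o $IN_IF -s $src -d $C_IP -p udp --dport 514 -j ACCEPT"
    done
    # 3. No SNAT: syslog over UDP needs no reply, and leaving the source
    #    untouched lets C record A and B as the real senders.
    # 4. The kernel must be allowed to forward at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Count emitted lines mentioning a given token (sanity check on the output).
count_rules_with() {
    syslog_forward_rules | grep -c -- "$1"
}

# Dry run by default; APPLY=1 executes each generated line.
if [ "${APPLY:-0}" = "1" ]; then
    syslog_forward_rules | while IFS= read -r line; do eval "$line"; done
else
    syslog_forward_rules
fi
```

Two things worth checking after applying this: the PREROUTING rule matches only packets entering on eth0 from A or B, so FW's own syslogd can still send its local messages to C unchanged, and C keeps receiving logs from all three hosts as the post wants. Second, because the DNAT rule bypasses syslogd on FW, confirm on C (for example with tcpdump on UDP 514, or by watching C's log file) that messages from A and B arrive with their original source addresses.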