On Jul 11, 2010, at 11:38 AM, Michael wrote:

>> If you add the rule:
>>
>> Log Local Out | TCP | Destination: 0/0 | Port: 1 - 65535
>>
>> Then a LOG rule is generated for all ports to all destinations for TCP
>> going Out from the AstLinux box.
>
> I've done that (see attached picture).
> Still I get no log messages on the status page even if I access sites on my
> external IF.
I tested this, and it works for me.

Remember that 'Log Local Out' only applies to packets outbound directly from the local AstLinux box (OUTPUT Chain), *not* forwarded packets (FORWARD Chain). For example, packets from a web browser on a LAN NAT'ed subnet will not show with "Log Local Out".

On the other hand, if you ssh into the AstLinux box (or use serial console) and enter...

$ curl http://www.astlinux.org >/dev/null

The log will show with the above rule.

>
> It might seem naive, but if I simply disable the firewall, I can no longer
> access my external IF from any LAN computers. When the firewall is active,
> traffic is NATed to the outside and the firewall rules are applied.
>
> Would disabling the firewall also disable the masquerading (NAT) via the
> external interface?

Yes. That explains your results.

Lonnie

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
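The distinction Lonnie draws above (a 'Log Local Out' rule lives in the OUTPUT chain, so only packets generated by the AstLinux box itself can ever match it, while a LAN host's browser traffic traverses FORWARD and is only NATed while the firewall is up) is easy to get wrong when reading the status page. The following is an added example, not code from the thread or from AstLinux: a small Python model of how netfilter chooses a chain for a packet and which LOG rules can fire. The addresses, interface names and the parser for the 'Log Local Out | TCP | Destination: 0/0 | Port: 1 - 65535' rule text are constructed for illustration; the mapping of that rule to the OUTPUT chain is taken from the reply above, and a second rule placed directly in FORWARD is added here to show the contrast.

```python
"""Model of netfilter chain selection for the 'Log Local Out' question.

Added example, not AstLinux code. Everything below (addresses, interfaces,
rule text parser) is constructed to illustrate which packets can match a
LOG rule in the OUTPUT chain versus the FORWARD chain.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses: the box's own LAN and external interface addresses.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LOCAL_ADDRS = {"192.168.1.1", "203.0.113.10"}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    in_iface: Optional[str]  # None when the packet was generated on this host


@dataclass
class LogRule:
    chain: str  # "OUTPUT" or "FORWARD"
    proto: str
    dst_net: ipaddress.IPv4Network
    port_lo: int
    port_hi: int

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto.upper() == self.proto.upper()
                and ipaddress.ip_address(pkt.dst) in self.dst_net
                and self.port_lo <= pkt.dport <= self.port_hi)


def parse_local_out_rule(text: str) -> LogRule:
    """Parse the rule text quoted in the thread into a LogRule.

    'Log Local Out' is placed in the OUTPUT chain, as the reply explains;
    the textual format handled here is an assumption of this example.
    """
    kind, proto, dst, port = [p.strip() for p in text.split("|")]
    if kind != "Log Local Out":
        raise ValueError("only 'Log Local Out' rules are modelled here")
    dst_str = dst.split(":", 1)[1].strip()
    if dst_str == "0/0":  # shorthand for "any destination"
        dst_str = "0.0.0.0/0"
    lo, hi = [int(x) for x in port.split(":", 1)[1].split("-")]
    return LogRule("OUTPUT", proto, ipaddress.ip_network(dst_str, strict=False), lo, hi)


def chain_for(pkt: Packet) -> str:
    """Which filter chain the packet traverses (simplified netfilter logic)."""
    if pkt.in_iface is None and pkt.src in LOCAL_ADDRS:
        return "OUTPUT"      # generated locally, e.g. curl run on the box
    if pkt.dst in LOCAL_ADDRS:
        return "INPUT"       # addressed to the box itself
    return "FORWARD"         # transit traffic, e.g. a LAN browser


def would_log(pkt: Packet, rules: List[LogRule], firewall_on: bool = True) -> bool:
    """True if some LOG rule in the packet's chain matches it."""
    if not firewall_on:
        return False         # no rules are loaded at all
    chain = chain_for(pkt)
    return any(r.chain == chain and r.matches(pkt) for r in rules)


def masqueraded(pkt: Packet, firewall_on: bool = True) -> bool:
    """Forwarded packets leaving toward the outside are NATed only while the
    firewall (which owns the MASQUERADE rule) is active."""
    leaves_lan = ipaddress.ip_address(pkt.dst) not in LAN_NET
    return firewall_on and chain_for(pkt) == "FORWARD" and leaves_lan


if __name__ == "__main__":
    rule = parse_local_out_rule("Log Local Out | TCP | Destination: 0/0 | Port: 1 - 65535")
    lan_browser = Packet("192.168.1.50", "198.51.100.5", "tcp", 80, "eth1")
    local_curl = Packet("203.0.113.10", "198.51.100.5", "tcp", 80, None)
    print("LAN browser logged by Log Local Out:", would_log(lan_browser, [rule]))
    print("local curl logged by Log Local Out:", would_log(local_curl, [rule]))
    print("LAN browser NATed with firewall on:", masqueraded(lan_browser))
    print("LAN browser NATed with firewall off:", masqueraded(lan_browser, False))
```

Running the script reproduces both observations from the thread: the LAN browser's packets never match the OUTPUT-chain rule, the local curl's packets do, and the LAN host loses NAT as soon as the firewall is disabled. A LogRule constructed with chain "FORWARD" and the same match fields is what would be needed to see the LAN traffic.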