On 23.04.2013 at 20:04, David Lang <[email protected]> wrote:

> On Tue, 23 Apr 2013, Axel Rau wrote:
>
>> On 23.04.2013 at 09:47, David Lang <[email protected]> wrote:
>>
>>> On Mon, 22 Apr 2013, Axel Rau wrote:
>>>
>>>> Logging from a multi-homed firewall or VPN gateway to a remote loghost
>>>> requires a configurable source IP address in order to get the right routing
>>>> and filtering.
>>>
>>> Why do you say this? I've managed hundreds of multi-homed firewalls (some
>>> with as many as 20 physical interfaces) and have never found that I needed
>>> to set the source IP.
>>>
>>> Unless you have multiple interfaces to the same network, there is no
>>> ambiguity; the system will always use the same interface (and will use the
>>> main IP on that interface for outbound messages when you have multiple IPs
>>> on one interface).
>
>> If you have an IPsec VPN, terminated on an OpenBSD firewall, and want to log
>> firewall activity to a log host reached through the VPN, you will see the
>> sending socket of your syslogd binding to the interface pointing at your
>> default route (which carries the encapsulated VPN traffic).
>
> Actually, you should not need to do this.

It seems to be an OpenBSD quirk.

> Just make sure you start rsyslog after the VPN is up, and when it establishes
> the connection, it will get routed over the VPN and will auto-select the
> correct source IP.

Which one? enc0 has no IP, so it selects the parent interface.

> I suspect that what's happening is that you are starting rsyslog before the
> VPN, so it's getting the TCP connection established over the Internet before
> your routing changes.

I would be happy to agree, but no, it binds to the external interface, even if the IPsec tunnel is up.
Axel
---
PGP-Key: 29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog

