Firewall logs??? How to identify a protocol???

[arfon]

I setup some firewall rules to block all traffic EXCEPT for DNS and HTTP. The DNS rule works fine… The HTTP rule doesn’t seem to work, http traffic is still dropped.

When I look at the logs, I see the traffic but, I don’t see:

1) What protocol the traffic is (and therefore why it’s being dropped).

2) whether the traffic is accepted or dropped by the rules.

How/where can I see this information? Is there a system log somewhere? Are there logging options that I am missing?

[ppalias]

On firewall menu select the FORWARD chain on the drop down list and then click on “view”. Copy the content and paste it here to see what are the rules exactly and what is dropped.

[arfon]

Here’s my setup PPP0 & PPP1 are WAN (weighted). ETH00 is the LAN.

192.168.1.10 is my ‘non-blocked machine’.

192.168.1.12 is my DNS & HTTP only machine.

Web pages URLs resolve but they don’t load on 192.168.1.12

The firewall is setup like this:

Here are the logs:

What I note is that only the data that is being forwarded to 192.168.1.10 is showing up in the logs and NONE of 192.168.1.12’s traffic is showing (even the DNS which is working).

[arfon]

Sorry, here’s the firewall rules you asked for-

[ppalias]

Try it with port instead of L7 protocol. Which DNS server are you using on the 192.168.1.12?

[arfon]

DNS = my provider’s DNS

I don’t see a place to put the port information in the Rule Config page. How do I add port info?

[ppalias]

Second row says “Protocol matching” and the drop down list has “ALL” selected. Select UDP and then destination port 53 for the DNS and TCP destination port 80 for http and 443 for https.

[Author]

Posts