Gentoo Forums
Configure Shorewall to Allow Syslog Messages from Router
dman777
l33t

Joined: 10 Jan 2007
Posts: 998

Posted: Sun Jan 30, 2011 3:42 am    Post subject: Configure Shorewall to Allow Syslog Messages from Router

I have my system set up so that the router sends its syslog messages to my Linux PC. I am using shorewall as my firewall. I have two questions:

How can I configure shorewall to allow the messages from my router?

If I use my router's IP address to allow the messages to come through the firewall, will this be a great security risk, as anything from the internet can come through on that router IP address?
Bones McCracker
Veteran

Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Fri Feb 04, 2011 7:42 am

Your router has an external IP address (the WAN address - it will look different from your PC's address) and an internal IP address (the LAN address -- one that is in the same network block as your PC's IP address). You want to configure the firewall that is running on your PC to allow traffic coming from the router's internal IP address.

Also, it would be best to restrict that further to only the protocol and port that the router is using to send this traffic (syslog traffic is usually sent using the UDP protocol and port 514).

To allow that, you need to create an entry in your shorewall.rules file. You don't need to worry about port and protocol (unless your router is using something different from the standard UDP port 514), because shorewall provides a "macro" for Syslog. You may have your zones named differently, but it would look something like this:

For this example "loc" is the local LAN and $FW is the firewall machine (in your case, your PC).

This would allow all inbound Syslog traffic from any machine on the LAN:
Code:
#ACTION                    SOURCE          DEST
Syslog(ACCEPT)             loc             $FW


You could further restrict that. This will allow inbound Syslog traffic only from the machine with address 192.168.0.1:
Code:
#ACTION                    SOURCE                  DEST
Syslog(ACCEPT)             loc:192.168.0.1         $FW


As a slightly more secure alternative in some situations, if you can determine the MAC address of the router's internal interface, you can use that instead of the IP address (in the SOURCE column a MAC address is written with a leading "~" and hyphens between the bytes, with no spaces inside the column):
Code:
#ACTION                    SOURCE                        DEST
Syslog(ACCEPT)             loc:~00-34-78-2A-47-5B        $FW

The IP address 192.168.0.1 and the MAC address 00:34:78:2A:47:5B given above are just examples, and you would need to replace them with the appropriate addresses. Also, the zones "loc" and "$FW" may not be the same as your setup (but you should have those figured out by now).
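As an added example (not part of the thread and not shorewall's own code), here is a minimal Python UDP receiver for the traffic the rules above admit. It shows what actually arrives on UDP 514, an RFC 3164 style "<PRI>" header where PRI = facility*8 + severity followed by the message text, and applies the same source restriction as the `loc:192.168.0.1` rule at the application layer as a second check behind the firewall. The addresses, port and the sample datagrams are constructed assumptions, not captured from any real router. Because syslog over UDP has no handshake, the source address is only as trustworthy as the LAN it arrives from, so the narrow shorewall rule remains the primary control and this receiver binds to the LAN address only.

```python
"""Minimal UDP syslog receiver restricted to the router's LAN address.

Added example, not from the forum thread. ROUTER_LAN_IP, LISTEN_ADDR and the
SAMPLES below are constructed assumptions; adjust them for your own LAN.
"""
import re
import socket
from dataclasses import dataclass
from typing import Optional

ROUTER_LAN_IP = "192.168.0.1"   # assumed: the router's internal (LAN) address
LISTEN_ADDR = "192.168.0.10"    # assumed: this PC's LAN address (never 0.0.0.0)
SYSLOG_PORT = 514               # standard UDP syslog port, as in the Syslog macro

# RFC 3164 facility and severity names, indexed by their numeric codes.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


@dataclass
class SyslogMessage:
    src_ip: str
    facility: str
    severity: str
    body: str


def parse_syslog(src_ip: str, payload: bytes) -> Optional[SyslogMessage]:
    """Parse "<PRI>body" where PRI = facility*8 + severity.

    Malformed datagrams return None instead of raising, so one bad packet
    cannot stop the receiver.
    """
    m = _PRI_RE.match(payload)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23*8 + 7 is the largest legal PRI value
        return None
    facility, severity = divmod(pri, 8)
    body = m.group(2).decode("utf-8", errors="replace").strip()
    return SyslogMessage(src_ip, FACILITIES[facility], SEVERITIES[severity], body)


def accept_datagram(src_ip: str, payload: bytes,
                    allowed_ip: str = ROUTER_LAN_IP) -> Optional[SyslogMessage]:
    """Application-level counterpart of `Syslog(ACCEPT) loc:192.168.0.1 $FW`:
    anything not from the router's LAN address is dropped before parsing."""
    if src_ip != allowed_ip:
        return None
    return parse_syslog(src_ip, payload)


def serve(listen_addr: str = LISTEN_ADDR, port: int = SYSLOG_PORT) -> None:
    """Bind to the LAN address only and print what the router sends.
    Port 514 is privileged, so this needs root (or a redirect to a high port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((listen_addr, port))
        while True:
            data, (src_ip, _) = s.recvfrom(2048)
            msg = accept_datagram(src_ip, data)
            if msg is None:
                continue     # wrong source or malformed: drop silently
            print(f"{msg.src_ip} {msg.facility}.{msg.severity}: {msg.body}")


# Constructed sample datagrams (not captured from any real router).
SAMPLES = [
    ("192.168.0.1", b"<30>Jan 30 03:42:00 router dnsmasq[123]: DHCPACK(br0) 192.168.0.10"),
    ("192.168.0.1", b"<13>Jan 30 03:42:01 router kernel: DROP IN=eth0 SRC=203.0.113.9 DPT=23"),
    ("192.168.0.55", b"<30>Jan 30 03:42:02 laptop sshd[99]: not from the router, dropped"),
    ("192.168.0.1", b"not a syslog datagram"),
]


def filter_samples(samples=SAMPLES):
    """Run the samples through the same path serve() uses; return accepted messages."""
    return [m for m in (accept_datagram(ip, data) for ip, data in samples) if m]


if __name__ == "__main__":
    for m in filter_samples():
        print(f"{m.src_ip} {m.facility}.{m.severity}: {m.body}")
```

Running the script offline prints the two accepted router messages (daemon.info and user.notice) and silently drops the datagram from 192.168.0.55 and the malformed one; replace the `__main__` loop with `serve()` to listen for real.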