zakynthoswifi
Frequent Visitor
Topic Author
Posts: 74
Joined: Thu Jul 17, 2014 12:38 am
Location: Zakynthos

Remote syslog

Thu Oct 31, 2019 9:40 am

Hello,
I’m using LibreNMS for SNMP and syslogging of my devices.
As always 😕 I’m experiencing a strange problem.

Let me write my topology...

My core router IP is 10.100.10.1
One of my clients' IP is 10.100.10.6
And all of my clients are connected via PPPoE

When I enable remote syslog on my client’s side, on his MikroTik, all of these logs of every customer are identified as my core router IP 10.100.10.1 and logged on my LibreNMS as the core router and not my client’s router...

Also, I have other subnets such as 192.168.88.0/22.
This is my management subnet, and my LibreNMS server has one of these addresses. When a MikroTik device that belongs to my management subnet sends a syslog message, the message is logged to the correct device...


Please help.

Thank you
Ilias Theodosis
Network & Security Engineer
Cisco CCNA,CCNP,CCIE
Network Solutions Ltd.
Zakynthos, Greece
 
cdiedrich
Forum Veteran
Posts: 929
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany

Re: Remote syslog

Thu Oct 31, 2019 11:45 am

Post an export of your core router's /ip firewall nat section.
Looks like your default (masquerade) rule is configured too loosely.

-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
zakynthoswifi
Frequent Visitor
Topic Author
Posts: 74
Joined: Thu Jul 17, 2014 12:38 am
Location: Zakynthos

Re: Remote syslog

Thu Oct 31, 2019 12:22 pm

Yes, my masquerade is very loose, I know that...
I’ll post an export later today. Thank you
Ilias Theodosis
Network & Security Engineer
Cisco CCNA,CCNP,CCIE
Network Solutions Ltd.
Zakynthos, Greece
 
zakynthoswifi
Frequent Visitor
Topic Author
Posts: 74
Joined: Thu Jul 17, 2014 12:38 am
Location: Zakynthos

Re: Remote syslog

Fri Nov 01, 2019 11:06 am

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether0
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface="VLAN WAN CONN 3"
add action=masquerade chain=srcnat comment="Lan Masquerade" src-address-list=lan

I have an address list that includes all of my LAN IP addresses.
Ilias Theodosis
Network & Security Engineer
Cisco CCNA,CCNP,CCIE
Network Solutions Ltd.
Zakynthos, Greece
 
cdiedrich
Forum Veteran
Posts: 929
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany

Re: Remote syslog  [SOLVED]

Fri Nov 01, 2019 11:29 am

Hmmm...
Which networks are bound to which interfaces?
And what's the content of the "lan" address list?

You normally just need one masq rule for everything going out to WAN. With proper routing in place, you won't need any internal src-nating as your last rule implies.
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
zakynthoswifi
Frequent Visitor
Topic Author
Posts: 74
Joined: Thu Jul 17, 2014 12:38 am
Location: Zakynthos

Re: Remote syslog

Fri Nov 01, 2019 12:07 pm

Chris, you're right.
I removed the "LAN MASQUERADE" rule and everything worked!

The lan address-list was specifying all of my LAN subnets; without this I couldn't access any of my other LAN subnets, i.e. from 192.168.88.0/22 to 10.100.10.0/24 was unreachable.
I don't know what changed now, but without LAN masquerade I can access all my LAN subnets. Any ideas what was happening?


Thank you
Ilias Theodosis
Network & Security Engineer
Cisco CCNA,CCNP,CCIE
Network Solutions Ltd.
Zakynthos, Greece
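
An added illustration of the diagnosis in this thread (not code from either poster): the sketch below parses the posted `/ip firewall nat` rules, flags masquerade rules that are not scoped to an outgoing interface, and shows that a syslog packet from 10.100.10.6 routed toward the management subnet matches the "Lan Masquerade" rule, so the collector sees the router's address instead of the client's. The contents of the `lan` list and the interface name `ether-mgmt` are assumptions; the thread does not give them.

```python
import ipaddress
import shlex

# The four rules exactly as posted in the thread.
NAT_EXPORT = '''\
add action=masquerade chain=srcnat out-interface=ether0
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface="VLAN WAN CONN 3"
add action=masquerade chain=srcnat comment="Lan Masquerade" src-address-list=lan
'''

# Assumed contents of the "lan" list (the thread only says "all of my lan subnets").
ADDRESS_LISTS = {"lan": ["10.100.10.0/24", "192.168.88.0/22"]}


def parse_rules(export):
    """Turn 'add key=value ...' export lines into dicts (quoted values keep their spaces)."""
    rules = []
    for line in export.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:]))
    return rules


def in_list(ip, list_name):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in ADDRESS_LISTS.get(list_name, []))


def matching_rule(rules, src_ip, out_interface):
    """First srcnat masquerade rule that would rewrite this packet's source, or None."""
    for rule in rules:
        if rule.get("chain") != "srcnat" or rule.get("action") != "masquerade":
            continue
        if "out-interface" in rule and rule["out-interface"] != out_interface:
            continue
        if "src-address-list" in rule and not in_list(src_ip, rule["src-address-list"]):
            continue
        return rule
    return None


def unscoped_masquerade(rules):
    """Masquerade rules with no out-interface(-list): they also rewrite internal traffic."""
    return [r for r in rules if r.get("action") == "masquerade"
            and "out-interface" not in r and "out-interface-list" not in r]
```

Calling `matching_rule(parse_rules(NAT_EXPORT), "10.100.10.6", "ether-mgmt")` returns the "Lan Masquerade" rule; with the rules from `unscoped_masquerade` removed, the same call returns `None` and the original source address reaches the syslog server, while traffic leaving through `ether0` is still masqueraded.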