I am trying to log to a remote syslog server over a VPN.
So I set up the remote syslog action & specify a source address of 192.168.42.1 (the LAN IP of the ROS board) which is part of the VPN tunneled range (192.168.42.0/23). However the Syslog entries don't arrive. using the Packet Sniffer on the ROS I see the syslog entries being sent with the source address of the WAN interface of the ROS not the specified source address...
Log action entry:
add bsd-syslog=no name=tonetmon remote=10.55.12.60:514 src-address=\
192.168.42.1 syslog-facility=daemon syslog-severity=auto target=remote
Output of packet sniffer
41 time=6.044 src-mac-address=00:0C:42:5A:18:C5
dst-mac-address=00:22:3F:4A:4A:82 interface=Internet
src-address=80.74.255.110:514 (syslog)
dst-address=10.55.12.60:514 (syslog) protocol=ip ip-protocol=udp size=65
ip-packet-size=65 ip-header-size=20 dscp=0 identification=0
fragment-offset=0 ttl=64
42 time=6.671 src-mac-address=00:0C:42:5A:18:C5
dst-mac-address=00:22:3F:4A:4A:82 interface=Internet
src-address=80.74.255.110:514 (syslog)
dst-address=10.55.12.60:514 (syslog) protocol=ip ip-protocol=udp size=65
ip-packet-size=65 ip-header-size=20 dscp=0 identification=0
fragment-offset=0 ttl=64
Am I doing something wrong or is it broken??
David
Re: Syslog source address not working?
no NAT rules?
Re: Syslog source address not working?
There is only NAT for the internal Clients out to the internet.
Do you mean I should have NAT rules? How do I specify the source address - this is traffic originated internally to the ROS box so it's source address will vary according to the route it takes out of the box - which is what I am trying to force...
hmm that gives me an idea...
... nope can't seem to force it using routes - not sure what gateway I should put in...
David
Do you mean I should have NAT rules? How do I specify the source address - this is traffic originated internally to the ROS box so it's source address will vary according to the route it takes out of the box - which is what I am trying to force...
hmm that gives me an idea...
... nope can't seem to force it using routes - not sure what gateway I should put in...
David
Last edited by djmuk on Thu Apr 29, 2010 1:25 am, edited 1 time in total.
Re: Syslog source address not working?
I thought, you syslog trafic is masqueraded
post your NAT rules
post your NAT rules
Re: Syslog source address not working?
Nat rules are simple - Nat 192.168.42.0/24 to the internet interface address.
(also nat another subnet 192.168.43.0/24 to the same address)
this traffic is not Nat'd and shouldn't be.... It should be caught by the IPSEC VPN before it gets nat'd, other devices on 192.168.42.0 work correctly & I can access them over the VPN and they send me syslogs...
David
(also nat another subnet 192.168.43.0/24 to the same address)
this traffic is not Nat'd and shouldn't be.... It should be caught by the IPSEC VPN before it gets nat'd, other devices on 192.168.42.0 work correctly & I can access them over the VPN and they send me syslogs...
David
Re: Syslog source address not working?
OK good call - I needed to exempt the traffic to 10.55.12.0/24 from the NAT rule...
All working OK now!!
Thanks
David
All working OK now!!
Thanks
David