Sat Jan 29, 2022 12:13 am
Here's the mangle log output. As shown below, I changed the rule in the middle and started pinging/tracerouting from a different source to compare.
15:45:31 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->172.16.210.34, NAT (192.168.1.17->10.148.5.17)->172.16.210.34, len 120
15:45:32 firewall,info dstnat: in:ether1 out:(unknown 0), src-mac 78:ba:f9:fc:36:c0, proto ICMP (type 8, code 0), 172.16.210.34->10.148.5.17, len 92
15:46:04 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 0, code 0), 10.148.5.1->172.16.210.34, len 92
15:46:04 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 0, code 0), 10.148.5.1->172.16.210.34, len 92
15:46:04 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 0, code 0), 10.148.5.1->172.16.210.34, len 92
15:47:17 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->172.16.210.34, NAT (192.168.1.11->10.148.5.11)->172.16.210.34, len 84
15:47:19 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->172.16.210.34, NAT (192.168.1.11->10.148.5.11)->172.16.210.34, len 84
15:47:22 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->172.16.210.34, NAT (192.168.1.11->10.148.5.11)->172.16.210.34, len 84
15:49:08 system,info mangle rule changed by admin
15:49:10 system,info mangle rule changed by admin
15:49:32 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.11->10.148.5.11)->10.52.5.69, len 88
15:49:32 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.11->10.148.5.11)->10.52.5.69, len 88
15:49:32 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.11->10.148.5.11)->10.52.5.69, len 88
15:51:14 system,error,critical login failure for user admin from 172.16.210.34 via web
15:51:17 system,info,account user admin logged in from 172.16.210.34 via web
15:52:42 system,info,account user admin logged out from 172.16.210.34 via web
15:55:03 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.11->10.148.5.11)->10.52.5.69, len 88
15:55:03 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.11->10.148.5.11)->10.52.5.69, len 88
15:55:03 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.11->10.148.5.11)->10.52.5.69, len 88
15:57:21 firewall,info dstnat: in:ether1 out:(unknown 0), src-mac 78:ba:f9:fc:36:c0, proto ICMP (type 8, code 0), 10.52.5.69->10.148.5.17, len 84
15:58:43 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.13->10.148.5.13)->10.52.5.69, len 88
15:58:43 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.13->10.148.5.13)->10.52.5.69, len 88
15:58:43 firewall,info output: in:(unknown 0) out:ether1, proto ICMP (type 11, code 0), 10.47.32.250->10.52.5.69, NAT (192.168.1.13->10.148.5.13)->10.52.5.69, len 88
Last edited by
MicroNoob on Wed Feb 02, 2022 4:40 pm, edited 1 time in total.