[unisog] sample NAT logs and analysis tools (OBSD- fp)

Harry Hoffman hhoffman at ip-solutions.net
Thu Apr 28 00:41:30 GMT 2005


Hi Russell,

On our firewall/proxies we run snort, arpwatch, squid, squidguard on the 
internal side of things and also log everything we don't allow. Argus 
would seem like a good choice as well.

Are you running NAT b/c of address space limitations? If not, have you 
considered just running pf/carp in bridging mode so that you can use 
externally routable space and have failover?

Sorry, no logs :-(

Cheers,
Harry

Russell Fulton wrote:
> Hi Folks,
> I am shortly going to have to set up NAT on our residences firewall and
> one of the things I am going to deal with is storage of NAT logs so we
> can trace nefarious traffic after the fact.
> 
> I am still in the planning phase and I would be grateful if someone
> could forward me some sample NAT logs from pf so I can see what I am
> dealing with.
> 
> On a more general note how do people deal with the problem of tracing
> traffic through NATted gateways? Are there any tools available?
> 
> One of the things that I am considering is to not bother with the NAT
> logs at all but instead run Argus <www.qosient.com> on the inside
> interface of the firewall.
> 
> Russell

