[unisog] sample NAT logs and analysis tools (OBSD- fp)
hhoffman at ip-solutions.net
Thu Apr 28 00:41:30 GMT 2005
On our firewall/proxies we run snort, arpwatch, squid, squidguard on the
internal side of things and also log everything we don't allow. Argus
would seem like a good choice as well.
Are you running NAT b/c of address space limitations? If not, have you
considered just running pf/carp in bridging mode so that you can use
externally routable space and have failover?
Sorry, no logs :-(
Russell Fulton wrote:
> Hi Folks,
> I am shortly going to have to set up NAT on our residences firewall and
> one of the things I am going to deal with is storage of NAT logs so we
> can trace nefarious traffic after the fact.
> I am still in the planning phase and I would be grateful if someone
> could forward me some sample NAT logs from pf so I can see what I am
> dealing with.
> On a more general note how do people deal with the problem of tracing
> traffic through NATted gateways? Are there any tools available?
> One of the things that I am considering is to not bother with the NAT
> logs at all but instead run Argus <www.qosient.com> on the inside
> interface of the firewall.