0 votes
1,334 views 0 comments
Where can I find the firewall log in the RUT950?

I need it for troubleshooting FW rules.

1 Answer

0 votes
by anonymous

Hello!

You could use normal iptables commands for firewall logging. Iptables logs the items to the system log (read with logread), so the log can fill quickly if you have lots of traffic.

Firewall zone config in LuCI offers the possibility to log rejected/dropped connections. That is in the zone's options, on the advanced tab.

E.g. enabling the drop/reject logging for wan creates the following rules:

root@LEDE:~# iptables-save  | grep -i log
-A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m limit --limit 10/sec -m comment --comment "!fw3: wan (mtu_fix logging)" -j LOG --log-prefix "MSSFIX(wan): "
-A zone_wan_dest_REJECT -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT(dest wan)"
-A zone_wan_src_REJECT -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT(src wan)"

Modifying the logging rules by hand naturally requires some iptables knowledge and an understanding of the various rule chains (and tables) in the firewall.

E.g. manually create a rule to log all incoming UDP packets from interface eth0.2 to port 2222:

iptables -I PREROUTING -t mangle -i eth0.2 -p udp --dport 2222 -j LOG

Best regards, Aliaksandr!
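The answer above points out that LOG rules write into the system log (read with logread) and that this log fills quickly under traffic. The following script is an added example, not part of the original answer, showing how to pull the netfilter LOG records back out of logread output and summarise them by source address and destination port, so a busy log can be checked for which rule is firing and from where. It assumes the usual kernel netfilter LOG record layout (the --log-prefix followed by IN=, SRC=, DST=, PROTO=, DPT= fields). The log lines inside SAMPLE_LOG are constructed for this example; the prefixes "REJECT(src wan)" come from the fw3 rules quoted in the answer, while the "UDP2222: " prefix is an assumed one for a hand-added rule. Note that the fw3 prefixes have no trailing space, so the prefix runs straight into "IN=" in the log.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG records from logread-style output.
# On a device you would run:  logread | count_by_src 'REJECT(src wan)'
# Here a constructed sample is used instead so the script runs offline.

SAMPLE_LOG='Mon Jan  1 00:00:01 2024 kern.warn kernel: [ 1234.567] REJECT(src wan)IN=eth0.2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mon Jan  1 00:00:02 2024 kern.warn kernel: [ 1235.001] REJECT(src wan)IN=eth0.2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51235 DPT=23
Mon Jan  1 00:00:03 2024 kern.warn kernel: [ 1236.002] REJECT(src wan)IN=eth0.2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=443
Mon Jan  1 00:00:04 2024 kern.warn kernel: [ 1237.003] UDP2222: IN=eth0.2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=5555 DPT=2222 LEN=20
Mon Jan  1 00:00:05 2024 daemon.info dnsmasq[1234]: started, version 2.80'

# Keep only kernel netfilter LOG records: they carry IN= ... SRC= ... DST=.
# Everything else in the system log (dnsmasq, etc.) is dropped.
fw_log_lines() {
    grep -E 'kernel: .*IN=.* SRC=[0-9a-fA-F.:]+ DST='
}

# Count LOG records carrying the given --log-prefix, grouped by source
# address, most frequent first (ties broken by address).
# Usage:  logread | count_by_src 'REJECT(src wan)'
count_by_src() {
    prefix="$1"
    fw_log_lines | grep -F -- "$prefix" | awk '
        {
            for (i = 1; i <= NF; i++)
                if (substr($i, 1, 4) == "SRC=") { src = substr($i, 5); n[src]++ }
        }
        END { for (s in n) print s, n[s] }
    ' | sort -k2,2nr -k1,1
}

# Same grouping, but by destination port (DPT=), to see which service the
# logged rule is being hit for.
# Usage:  logread | count_by_dport 'UDP2222: '
count_by_dport() {
    prefix="$1"
    fw_log_lines | grep -F -- "$prefix" | awk '
        {
            for (i = 1; i <= NF; i++)
                if (substr($i, 1, 4) == "DPT=") { dpt = substr($i, 5); n[dpt]++ }
        }
        END { for (d in n) print d, n[d] }
    ' | sort -k2,2nr -k1,1n
}

# Stand-alone demo against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | count_by_src 'REJECT(src wan)'
printf '%s\n' "$SAMPLE_LOG" | count_by_dport 'UDP2222: '
```

Because the fw3 rules in the answer are rate-limited to 10/sec, the counts above are a lower bound on the actual rejected traffic; the limit protects the log from filling, not the accuracy of the count.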