Tracking down logged rule

Started by Taomyn, July 10, 2020, 09:05:20 AM

I just finished setting up my replacement firewall and one of the additions was to create a DMZ using a dedicated NIC - I only have one public IP, the DMZ will only have one device hosted on it (a honeypot). So far everything looks good and I have created some NAT rules: one that diverts a specific set of IPs (an alias I created) to the DMZ'd device, and a second NAT rule to catch anything not already diverted to other internal hosts to the same. I also enabled logging for the time being so I can check on things, to be disabled later.


While monitoring the firewall logs with the live view I have noticed traffic logged that is being sent to the DMZ'd host as expected, but it's not from my rules. There is nothing in the description and I cannot find where this rule is. I did try looking up the rule, 64, but it mentions IPv6, which is not what this is; at least I shouldn't be.


Hopefully the attached screenshots can show what I mean.