| | 
| From: | "Steven Levine" <ecs-isp@2rosenthals.com> |
| Subject: | Re: [eCS-ISP] Injoy rule (portmap internet IP -> lan) |
| Date: | Sat, 14 Dec 2024 20:36:29 -0800 |
| To: | "eCS ISP Mailing List" <ecs-isp@2rosenthals.com> |
|---|
 In <list-11420005@2rosenthals.com>, on 12/13/24
 at 10:45 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
 
 Hi Massimo,
 
 >> Daytime_in_log
 >> 		Rule-Action = Log,
 >> 		Comment = "Packet received from 93.204.114.105:13",
 >> 		Source = "193.204.114.105",
 >> 		Source-port = "13",
 >> 		Protocol = UDP,
 >> 		Log-Control = Enabled,
 >> 		Log-Mask = "date time severity message resolved_source resolved_dest",
 >> 		Log-File = "daytime_in.log"
 >>
 >> Daytime_out_log
 >> 		Rule-Action = Log,
 >> 		Comment = "Packet received from 192.168.1.10:13",
 >> 		Source = "192.168.1.10",
 >> 		Source-Port = "13",
 >> 		Log-Control = Enabled,
 >> 		Log-Mask = "date time severity message resolved_source resolved_dest",
 >> 		Log-File = "daytime_out.log"
 
 
 >> This will allow you to verify that your daytime client is really talking to the
 >> ports you think it is.
 
 >thanks, but this rule does not produce any log
 
 This confirms what I expected - that your original ruleset did not make
 sense based on my knowledge of daytime servers.  Typically, you would not
 be running a daytime server on your system, but rather you would be
 running a daytime client.  The client would connect to port 13 on the
 external daytime server.
 
 This might get you some packets traced
 
 Daytime_out_log
 Rule-Action = Log,
 Comment = "Packet received from 192.168.1.10:13",
 Source = "192.168.1.10",
 Destination-Port = "13",
 Log-Control = Enabled,
 Log-Mask = "date time severity message resolved_source resolved_dest",
 Log-File = "daytime_out.log"
 
 >> BTW, what daytime client are you trying to use?
 >i don't recall exactly,
 
 You really ought to get that problem fixed.
 
 >but it works perfectly if i use mlink on the VM1
 >VM1 has 2 Nics
 
 >maybe Injoy FW can't do what mlink does?
 
 That's possible, but it still could be your rule set.
 
 >>> This is the mlink rule:
 >>> link  daytime 0.0.0.0:13   193.204.114.105:13
 >>> access  daytime  192.168.1.10
 
 Having never used mlink, my read of this rule is that any attempt to
 connect via port 13 will be sent to port 13 at 193.204.114.105 as long as
 the attempt originates from an interface bound to 192.168.1.10.
 
 I would not call this port forwarding.  It's more like NAT to my way of
 thinking.
 
 Steven
 
 --
 ----------------------------------------------------------------------
 "Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
 www.scoug.com www.arcanoae.com www.warpcave.com
 ----------------------------------------------------------------------
 
 
 |
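
Added example, not part of the original message and not InJoy code: a simplified Python model of the three log rules from the thread, evaluated against a constructed daytime client exchange, to show which packets each rule can see. It assumes a field missing from a rule matches anything, and the client's ephemeral port 49152 is a made-up value.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Rule fields copied from the thread. Treating an absent field as a wildcard
# is an assumption of this model, not documented InJoy behaviour.
RULES = {
    "in_log_original": {"Source": "193.204.114.105", "Source-Port": 13, "Protocol": "UDP"},
    "out_log_original": {"Source": "192.168.1.10", "Source-Port": 13},
    "out_log_revised": {"Source": "192.168.1.10", "Destination-Port": 13},
}

# Map rule keywords onto the packet attributes they constrain.
FIELD_TO_ATTR = {
    "Source": "src",
    "Source-Port": "sport",
    "Destination-Port": "dport",
    "Protocol": "proto",
}


def matches(rule, pkt):
    """True when every field the rule sets equals the packet's value."""
    return all(getattr(pkt, FIELD_TO_ATTR[f]) == v for f, v in rule.items())


def matching_rules(pkt):
    """Names of all modelled rules that would log this packet."""
    return sorted(name for name, rule in RULES.items() if matches(rule, pkt))


def exchange(proto, client_port=49152):
    """Constructed request/reply pair for a client querying the daytime server."""
    request = Packet(proto, "192.168.1.10", client_port, "193.204.114.105", 13)
    reply = Packet(proto, "193.204.114.105", 13, "192.168.1.10", client_port)
    return request, reply


if __name__ == "__main__":
    for proto in ("TCP", "UDP"):
        req, rep = exchange(proto)
        print(proto, "request ->", matching_rules(req))
        print(proto, "reply   ->", matching_rules(rep))
```

In this model the outbound request is only ever caught by the rule keyed on Destination-Port, and the server's reply is caught by the inbound rule only when the client uses UDP.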