syslog tunnel with ssh/ipf filter.
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: syslog tunnel with ssh/ipf filter.
- From: Jan Johansson <diib_(_at_)_usa_(_dot_)_net>
- Date: Tue, 18 Apr 2000 20:01:11 +0200 (CEST)
Some time ago I tried to get my nameserver to log to my log console but
got stuck on the security issues I think there are.
A network layout like this.
LH <-> FW <-> NS
LH = Loghost on private non routable network.
FW = Firewall running IPF.
NS = Nameserver.
For the example all these machines are 2.6 or 2.7 (they will be soon).
Loghost runs "syslogd -u" logging everything to /dev/console.
So if anyone could solve one of these I would be happy.
1: Filter with IPF on FW and let only "my" machines log.
Problem: IPs can be spoofed and I go dead
2: Put up a ssh tunnel from FW or LF to NS and make NS log over it.
Problem: How do I tunnel UDP packets over the TCP connection?
In the future it would be nice to log it to file also; if I mount /var/log
to something like wd0f, would this introduce extra problems?
I am aware that a machine can be put to a standstill by overloading
syslog and therefore I would be happy if the FW did not log more than