
syslog tunnel with ssh/ipf filter.


Some time ago I tried to get my nameserver to log to my log console but
got stuck on the security issues I think there are.

A network layout like this.

LH <-> FW <-> NS

LH = Loghost on private non routable network.
FW = Firewall running IPF.
NS = Nameserver.

For the example all these machines are 2.6 or 2.7 (they will be soon).

Loghost runs "syslogd -u" logging everything to /dev/console.

So if anyone could solve one of these I would be happy.

1: Filter with IPF on FW and let only "my" machines log.
   Problem: IPs can be spoofed and I go dead

2: Put up a ssh tunnel from FW or LH to NS and make NS log over it.
   Problem: How do I tunnel UDP packets over the TCP connection?

In the future it would be nice to log it to a file also. If I mount /var/log
to something like wd0f, would this introduce extra problems?

I am aware that a machine can be put to a standstill by overloading
syslog and therefore I would be happy if the FW did not log more than

//Jan J