Firewall logging problem? I'm missing something

murdocklawless · August 27, 2022, 10:51am

hi all,

I want to log firewall actions from my mi router 4a giga running openwrt.

I edit WAN => REJECT zone (input: reject, output: accept, forward: reject) and I enabled Enable logging on this zone option and changed Limit log messages to 10/minute.

I 've running rsyslog server in raspberry pi 4 . I configured openwrt to send logs to rpi4.

after done these changes at WAN zone, I tried to make a ssh connection to openwrt from port 5555 which is not exist in firewall rules. of course it was rejected bu there were no firewall logs at raspberry pi.

what am I missing?

flygarn12 · August 27, 2022, 1:23pm

Does the router system log end up in the rpi4?
From where in the total network did you do the ssh login attempt? You only logging internet traffic, but you should if you connect the router to internet get about 10-100 blocked attempts from all over the place per minute just for daily 24/7/365 fun. Internet isn’t better than that.
Have you set up rsyslog in rp4 to catch any data from the router and actually do something with them, like write a log file?
Is the rp4 on the same interface as the router?
Do you have ufw activated on the rpi4?

murdocklawless · August 27, 2022, 1:34pm

yes

from pc (192.168.2.10) (can SSH from port 22)

yes, I can catch router logs from rpi4

no. router wan is 192.168.3.2 and lan is 192.168.4.1, rpi4 is 192.168.2.3 but static routes are defined in router to 192.168.2.0 network.

yes. rsyslog port 514 tcp and udp are opened from rpi4.

here is my network topography;

flygarn12 · August 27, 2022, 2:13pm

I have no clue what router eth port is connected to the wan interface but i guess eth0.
192.168.2.10 goes to router port eth1 so you didn’t tried logging in from wan? And if so you cant get a log output from wan that doesn’t exist.

murdocklawless · August 27, 2022, 8:03pm

openwrt wan is connected to edgerouter's eth2 port. modem is connected to edgerouter's eth0 (wan) port.