1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Incoming Log is empty

Discussion in 'HyperWRT Firmware' started by danielha, Dec 31, 2004.

  1. danielha

    danielha Network Guru Member

    Hi,

    I have just installed my new WRT54GS and setup the HyperWRT firmware on it (2.0b3). The router is behind an Olitec SX200 modem-router on which I have disabled all routing and firewall functions : The SX200 is configured with Bridged IP LLC protocol and the NAT is disabled.

    The linksys is configured as a PPoE client and is able to connect to the internet without any problem.

    However, the Incoming log on the Linksys is allways empty (even after using intrusion test such as GRC.COM) which makes me think that the SX200 is still filtering more than it should. My problem is that there is no log at all on the SX200 and that I don't know what I can do to be sure of what firewall is really active at present.

    Any idea to be sure of who does what on this setup ?

    Happy New Year :)

    Daniel
     
  2. LinkLogger

    LinkLogger Network Guru Member

    We have a HyperWRT firmware setup for Link Logger located at http://www.linklogger.com/wrt_setup.htm and one thing that I noticed during testing is you might to enable logging on the log.asp page to see inbound events.

    Does our setup look like how you have HyperWRT configured for logging?

    Blake
     
  3. danielha

    danielha Network Guru Member

    LinkLogger,

    Thanks for the reply !

    My setup does indeed looks like yours except for the Startup & Firewall scripts which I do not use ! Logging is enabled (the outgoing log is populated but the incoming log is still empty !)

    As I am still not sure of the setup for my modem (Olitec SX200) I will try something like this :
    - Remove the linksys
    - Install a proper firewall on my PC (Sygate or Keryo)
    - Configure a PPoE connexion on my PC
    - Connect the SX200 on my PC (without changing anything on its configuration)
    - Run an intrusion test from grc.com

    This being done, I will know if there is still some filtering done on the SX200 or if I do have something wrong on the Linksys. I hope I will be able to do this today.

    If you think I can improve this test, just let me know :)

    Regards,

    Daniel
     
  4. danielha

    danielha Network Guru Member

    LinkLogger,

    I just took time necessary to make the test I was describing ! Sygate does indeed log a port scan from the GRC.COM website. I guess there is no doubt that my Olitec modem is correctly configured as a bridge with no filtering / firewall involved (port 135 was opened : some nasty default configuration from Sygate !!!)

    So why doesn't the Linksys router log incoming communications ?

    Daniel
     
  5. LinkLogger

    LinkLogger Network Guru Member

    What firmware did you have on the Linksys before? Might I suggest doing a hard reset (power cycle to boot punt included) and then reconfiguring the unit.

    Blake
     
  6. danielha

    danielha Network Guru Member

    Hi LinkLogger,

    The Linksys was brand new with a 2.07 or 2.09 firmware (I think it was a 2.07 as I remember downloading the 2.09 from the linksys ftp server). After flashing the HyperWRT, I did press the reset button (on the back of the routeur).

    I have tried once again to reset the router : press the reset button for 10 seconds. All the configuration is wiped out. I then configure the router as I need (activate logging is part of this :)) Once again the outgoing log is working fine but the incoming log is empty even after using the intrusion test from grc.com !

    As I'm not sure to understand what you do mean by "power cycle to boot punt included" (English not being my mother tongue !), I did not do anything more than pressing the reset button for 10 seconds. If you mean something like : switch the router off, press & hold the reset button, switch the router on, wait 10 / 15 seconds then release the reset button, just let met know :)


    Many thanks for your help :)

    Daniel
     
  7. LinkLogger

    LinkLogger Network Guru Member

    I meant pull out the power cord and count to ten and plug it back in, ie a off/on power cycle. Otherwise I almost out of ideas here for you.

    What would happen if you set it up for Link Logger and see if it picks up any inbound traffic logs, otherwise I'm thinking your software firewall is stopping any inbound traffic perhaps such that the Linksys doesn't have any inbound to log.

    Blake
     
  8. pharma

    pharma Network Guru Member

  9. danielha

    danielha Network Guru Member

    pharma,

    I thought I did answer your suggestion, but it seems I did not :)

    Enabling the DMZ to a fake IP did the trick ! The incoming log is now working :)

    Many thanks to you and LinkLogger !

    Daniel
     

Share This Page