Argus on multiple interfaces with NAT
Peter Van Epp
vanepp at sfu.ca
Tue Mar 12 22:48:17 EST 2002
>
> Once again, let's see if the Argus People can come to my rescue!
>
> One of my argus hosts is a NATing firewall - it has a number of internal
> interfaces (hosts being allocated non-routeable IPs from private address
> ranges) and an external interface. The source IP of outgoing packets is
> translated to a routeable IP, and the packet goes out on the external
> interface. The routeable IP is non-unique: many hosts share only a few
> routeable IPs. Incoming packets are 'untranslated' and routed back to their
> originating host (on a non-routeable IP) on the appropriate internal
> interface. So far so good.
>
On my equivalent (a Vernier box for wireless authentication) I use
argus on the output (routable) side and the NAT logs (which associate
routable IP / source port with NATed machine behind the box) to solve this
problem. If your firewall has such logs (which I would assume it does) they
are your best bet.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
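
The correlation described in the reply above, sketched as an added example that is not part of the original message: each flow captured on the routable side is matched to the NAT log entry that held the same protocol, routable IP and source port at the flow's start time. The NAT log layout and the flow columns are both constructed for illustration (assumptions); a real firewall's log format and real ra output will differ.

```python
import bisect
from collections import defaultdict
from datetime import datetime

# Constructed NAT translation log (hypothetical format, not any product's):
# start, end, proto, internal ip:port, routable ip:port
NAT_LOG = """\
2002-03-12T22:40:01 2002-03-12T22:41:30 tcp 10.0.1.15:1025 192.0.2.1:40001
2002-03-12T22:42:10 2002-03-12T22:44:00 tcp 10.0.2.77:3310 192.0.2.1:40001
2002-03-12T22:40:05 2002-03-12T22:40:50 udp 10.0.1.20:1030 192.0.2.2:40002
"""

# Constructed flow records seen on the external interface (simplified
# columns, not real ra output): start, proto, src ip:port, dst ip:port
FLOWS = """\
2002-03-12T22:40:03 tcp 192.0.2.1:40001 198.51.100.9:80
2002-03-12T22:42:15 tcp 192.0.2.1:40001 198.51.100.9:25
2002-03-12T22:45:00 tcp 192.0.2.1:40001 198.51.100.9:80
"""

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def load_nat(text):
    """Index translations by (proto, routable ip:port), sorted by start time."""
    index = defaultdict(list)
    for line in text.splitlines():
        start, end, proto, inside, outside = line.split()
        index[(proto, outside)].append((ts(start), ts(end), inside))
    for entries in index.values():
        entries.sort()
    return index

def internal_host(index, when, proto, outside):
    """Return the internal ip:port that held the mapping at `when`, or None."""
    entries = index.get((proto, outside), [])
    # Latest translation that started at or before the flow did.
    i = bisect.bisect_right([e[0] for e in entries], when) - 1
    if i >= 0 and entries[i][0] <= when <= entries[i][1]:
        return entries[i][2]
    return None  # no translation was active: leave the flow unattributed

def attribute(flows_text, index):
    """Pair each flow with the internal host behind its routable source."""
    rows = (line.split() for line in flows_text.splitlines())
    return [(s, dst, internal_host(index, ts(s), p, src)) for s, p, src, dst in rows]

if __name__ == "__main__":
    for row in attribute(FLOWS, load_nat(NAT_LOG)):
        print(*row)
```

The time-window check matters because the sample reuses routable port 40001 for a second internal host; matching on address and port alone would attribute the later flow to the wrong machine.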