Sunday, December 20, 2009

How to forward a port on a Cisco router

Hi, in this short article I will show how to configure port forwarding (a static NAT entry) on a Cisco router.

This is our network topology: we want to allow anyone on the WAN side to connect to our web server (192.168.0.8), which runs Apache on port 80 and sits on a separate DMZ segment (192.168.0.0/24).

The general form of the command (note the "static" keyword, without it IOS rejects the line) is:

router(config)#ip nat inside source static "protocol" "internal IP" "internal port" interface "interface type and number" "external port"

So in our case the configuration will look like this:

router(config)#ip nat inside source static tcp 192.168.0.8 80 interface serial 0 80

Two more things are needed before this works. First, the interfaces have to be placed in the NAT domains: "ip nat inside" on the DMZ interface and "ip nat outside" on serial 0, otherwise the static entry never translates anything. Second, apply a proper access list so the connections from the WAN side are not blocked; I suggest an extended access list that permits only the forwarded port. Keep in mind that an inbound access list on the outside interface is evaluated before the translation, so it sees the router's outside address and the external port, not 192.168.0.8: permit "tcp any host <serial 0 address> eq 80" there (if you would rather match the DMZ address itself, apply the list outbound on the DMZ interface instead). Everything the list does not permit hits the implicit deny at its end.
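As an added check (example code written for this page, not from the original post), the following Python audits the text of "show running-config" for the two mistakes just described: a static forward on an interface with no inbound access list, and an access list that names the DMZ address where the pre-NAT outside address is needed. It also confirms that an "ip nat inside"/"ip nat outside" pair exists. The interface names, the outside address 203.0.113.2, ACL number 101 and the sample configurations are constructed assumptions; interface names are expected in the form IOS writes them (Serial0, not "serial 0").

```python
"""Audit IOS running-config text for static port forwards whose access list
does not actually match them.

Added example; not code from the original post. Input is the text of
`show running-config`. The sample configurations, interface names, the
outside address 203.0.113.2 and ACL 101 are constructed assumptions.
"""
import re

# A few of the service names IOS substitutes for port numbers in saved ACLs
# (partial list; unknown names are returned unchanged and never match).
PORT_NAMES = {"www": 80, "https": 443, "ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "domain": 53}

NAT_STATIC_RE = re.compile(
    r"^ip nat inside source static (?P<proto>tcp|udp) (?P<ip>\S+) (?P<lport>\d+) "
    r"interface (?P<ifname>\S+) (?P<gport>\d+)$"
)
PERMIT_RE = re.compile(
    r"^(?:access-list (?P<num>\d+) )?permit (?P<proto>tcp|udp) "
    r"(?P<src>any|host \S+|\S+ \S+) (?P<dst>any|host \S+) eq (?P<port>\S+)"
)


def port_number(token):
    return int(token) if token.isdigit() else PORT_NAMES.get(token, token)


def parse_config(text):
    """Collect NAT statics, NAT inside/outside interfaces, interface addresses,
    inbound ACL bindings and ACL permit entries (numbered and named)."""
    cfg = {"nat": [], "inside": [], "outside": [], "if_ip": {}, "acl_in": {}, "permits": {}}
    ctx = None  # ("if", name) or ("acl", name) while inside an indented block
    for raw in text.splitlines():
        if not raw.startswith(" "):
            ctx = None
        s = raw.strip()
        if not s or s == "!":
            continue
        if (m := re.match(r"^interface (\S+)$", s)):
            ctx = ("if", m.group(1))
        elif (m := re.match(r"^ip access-list extended (\S+)$", s)):
            ctx = ("acl", m.group(1))
            cfg["permits"].setdefault(ctx[1], [])
        elif (m := NAT_STATIC_RE.match(s)):
            cfg["nat"].append(m.groupdict())
        elif (m := PERMIT_RE.match(s)):
            acl = m.group("num") or (ctx[1] if ctx and ctx[0] == "acl" else None)
            if acl:
                dst = None if m.group("dst") == "any" else m.group("dst").split()[1]
                cfg["permits"].setdefault(acl, []).append((m.group("proto"), dst, port_number(m.group("port"))))
        elif ctx and ctx[0] == "if":
            ifname = ctx[1]
            if s == "ip nat inside":
                cfg["inside"].append(ifname)
            elif s == "ip nat outside":
                cfg["outside"].append(ifname)
            elif (m := re.match(r"^ip address (\S+) \S+$", s)):
                cfg["if_ip"][ifname] = m.group(1)
            elif (m := re.match(r"^ip access-group (\S+) in$", s)):
                cfg["acl_in"][ifname] = m.group(1)
    return cfg


def audit(text):
    """Return a list of findings (empty when every forward is correctly guarded)."""
    cfg = parse_config(text)
    findings = []
    if not cfg["inside"] or not cfg["outside"]:
        findings.append("no 'ip nat inside'/'ip nat outside' pair on the interfaces: static entries never translate")
    for n in cfg["nat"]:
        fwd = f"{n['proto']}/{n['gport']} on {n['ifname']} -> {n['ip']}:{n['lport']}"
        if n["ifname"] not in cfg["outside"]:
            findings.append(f"{fwd}: {n['ifname']} is not marked 'ip nat outside'")
        acl = cfg["acl_in"].get(n["ifname"])
        if acl is None:
            findings.append(f"{fwd}: no inbound ACL on {n['ifname']}; reachable from any source")
            continue
        outside_ip = cfg["if_ip"].get(n["ifname"])  # None when negotiated/DHCP
        entries = cfg["permits"].get(acl, [])
        gport = int(n["gport"])
        # An inbound ACL on the outside interface is evaluated before NAT, so the
        # permit must name the router's outside address (or any) and the external
        # port, not the DMZ host and internal port.
        if any(p == n["proto"] and d in (None, outside_ip) and port == gport for p, d, port in entries):
            continue
        if any(d == n["ip"] for _, d, _ in entries):
            findings.append(f"{fwd}: ACL {acl} permits the DMZ address {n['ip']}, but inbound on {n['ifname']} "
                            f"it sees the pre-NAT address {outside_ip or '(unknown)'}; the forward is blocked")
        else:
            findings.append(f"{fwd}: ACL {acl} has no permit for {n['proto']} port {gport} to "
                            f"{outside_ip or n['ifname']}; the implicit deny blocks it")
    return findings


# Constructed running-config fragments: the post's setup, first with an ACL
# written against the DMZ address (a common mistake), then corrected.
WRONG_CONFIG = """\
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group 101 in
!
ip nat inside source static tcp 192.168.0.8 80 interface Serial0 80
!
access-list 101 permit tcp any host 192.168.0.8 eq www
"""
FIXED_CONFIG = WRONG_CONFIG.replace(
    "access-list 101 permit tcp any host 192.168.0.8 eq www",
    "access-list 101 permit tcp any host 203.0.113.2 eq www",
)

if __name__ == "__main__":
    for name, text in (("wrong", WRONG_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit(text) or "OK")
```

Run it against a saved copy of the running-config; the parser is deliberately narrow (tcp/udp permits with "eq", no port ranges or "established"), so anything it cannot classify shows up as a missing permit and deserves a manual look rather than being silently accepted.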

Friday, December 4, 2009

Quick HOWTO: syslog-ng + Cisco configuration

Hi all, in this short article I will demonstrate how to configure syslog-ng to capture Cisco log messages.

Let's start with the server side; I'm using an openSUSE 11 VM in my case.

I will assume syslog-ng is already installed on your system.

So first, we need to edit /etc/sysconfig/syslog and change the following two lines:

SYSLOGD_PARAMS="-r"
SYSLOG_DAEMON="syslog-ng"


The first line is harmless but not what makes syslog-ng listen: -r is the flag the classic syslogd takes to accept remote messages, while syslog-ng gets its listener from the udp() source in its own configuration (below).
The second line tells the init script to start syslog-ng as the system's logging daemon instead of syslogd.

Our main configuration file is /etc/syslog-ng/syslog-ng.conf
Open it with your favourite text editor and add the following (the option names are those of the syslog-ng 2.x shipped at the time; syslog-ng 3 renamed sync() to flush_lines() and long_hostnames() to chain_hostnames()). use_dns(yes) is what turns the router's address into a directory name such as cisco851, since an IOS syslog header carries no hostname; make sure the log server can resolve the router's address (or add an /etc/hosts entry), otherwise the directory is named after the bare IP:

options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (yes);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};

source sys { unix-stream ("/dev/log"); internal(); };
source remote { udp(); };

destination std { file( "/var/log/syslog-ng/$HOST/$YEAR$MONTH/$FACILITY" create_dirs(yes)); };

log { source(sys); destination(std); };
log { source(remote); destination(std); };


Save the file and restart the service with /etc/init.d/syslog restart
Verify that syslog-ng is enabled in your runlevel and listening on UDP port 514:

chkconfig --list | grep syslog
syslog 0:off 1:off 2:on 3:on 4:off 5:on 6:off


netstat -ntulp | grep ":514"

udp 0 0 0.0.0.0:514 0.0.0.0:* 32446/syslog-ng

All logs will be saved under /var/log/syslog-ng/$HOST/$YEAR$MONTH/$FACILITY, as stated in the syslog-ng configuration file.
One caveat before moving on: the udp() source listens on every address (0.0.0.0:514) and accepts unauthenticated datagrams from anyone who can reach it, and syslog over UDP is trivially spoofed. Bind it to the server's internal address with udp(ip(192.168.0.180) port(514)) and restrict port 514 to the router addresses on the host firewall. With that, the server side is done.


Now let's log in to our Cisco router, enter "configure terminal" and execute these commands:

service timestamps log datetime localtime
no logging console
no logging monitor
logging 192.168.0.180
Instead of 192.168.0.180, enter your own logging server's IP; then save the configuration (write memory) and log out of the router.

Let's check that everything works. My router is called "cisco851"; I tried to enter privileged mode with a wrong password, and the result on the server is below. Note the two timestamps on each line: the first is syslog-ng's receive time, the second is the router's own clock, which here runs two hours behind the server. If these logs are ever needed as evidence, set "clock timezone" and "ntp server" on the router so both sides agree.

root@server01 # tail -f /var/log/syslog-ng/cisco851/200912/local4

Dec 4 14:15:58 cisco851 1895: Dec 4 12:15:59: %SYS-5-PRIV_AUTH_FAIL: Authentication to Privilage level 15 failed by paul on vty0 (192.168.0.180)

Dec 4 14:16:34 cisco851 1896: Dec 4 12:16:35: %SYS-5-PRIV_AUTH_FAIL: Authentication to Privilage level 15 failed by paul on vty0 (192.168.0.180)
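As an added example (written for this page, not code from the original post), here is a small Python detector that reads the lines syslog-ng writes with the configuration above, parses the Cisco message header (%FACILITY-SEVERITY-MNEMONIC) and raises an alert when the same user from the same source fails privilege-15 authentication several times within a few minutes. It keys on the server-side receive timestamp rather than the router's clock. The two lines above are included in the sample; the remaining sample lines, the log year 2009, and the threshold and window are constructed assumptions.

```python
"""Detect bursts of %SYS-5-PRIV_AUTH_FAIL messages in a file written by the
syslog-ng configuration above.

Added example, not code from the original post. Each stored line carries the
syslog-ng receive timestamp and host, then the router's own sequence number,
timestamp and %FACILITY-SEVERITY-MNEMONIC message. The sample lines beyond
the two from the post, LOG_YEAR, threshold and window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_YEAR = 2009  # assumed: BSD syslog timestamps carry no year

# syslog-ng prefix, then "<seq>: <router timestamp>: %FAC-SEV-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<seq>\d+):\s+(?P<router_ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s+(?P<text>.*)$"
)
# "Privilage" is how IOS spells it in this message; match it as emitted.
PRIV_FAIL_RE = re.compile(
    r"Authentication to Privilage level (?P<level>\d+) failed by (?P<user>\S+) "
    r"on (?P<line>\S+) \((?P<src>[\d.]+)\)"
)


def parse_line(line):
    """Split one stored line into its fields, or return None if it is not a
    Cisco message. 'when' is the server-side receive time, not the router clock."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(" ".join(rec["ts"].split()), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    rec["severity"] = int(rec["severity"])
    return rec


def priv_auth_failures(lines):
    """Yield (when, host, user, src, level) for every PRIV_AUTH_FAIL line."""
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["mnemonic"] != "PRIV_AUTH_FAIL":
            continue
        d = PRIV_FAIL_RE.search(rec["text"])
        if d:
            yield rec["when"], rec["host"], d.group("user"), d.group("src"), int(d.group("level"))


def detect_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {(host, user, src): n} for each triple with at least `threshold`
    failures inside some `window`-long interval (sliding window per triple)."""
    events = defaultdict(list)
    for when, host, user, src, _level in priv_auth_failures(lines):
        events[(host, user, src)].append(when)
    alerts = {}
    for key, times in events.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[key] = best
    return alerts


# Constructed sample: the two lines from the post (as syslog-ng writes them,
# with a padded day), a third failure, an unrelated message, one failure by
# another user, a late fourth failure by paul outside the window, and junk.
SAMPLE_LINES = [
    "Dec  4 14:15:58 cisco851 1895: Dec  4 12:15:59: %SYS-5-PRIV_AUTH_FAIL: Authentication to Privilage level 15 failed by paul on vty0 (192.168.0.180)",
    "Dec  4 14:16:34 cisco851 1896: Dec  4 12:16:35: %SYS-5-PRIV_AUTH_FAIL: Authentication to Privilage level 15 failed by paul on vty0 (192.168.0.180)",
    "Dec  4 14:17:02 cisco851 1897: Dec  4 12:17:03: %SYS-5-PRIV_AUTH_FAIL: Authentication to Privilage level 15 failed by paul on vty0 (192.168.0.180)",
    "Dec  4 14:17:40 cisco851 1898: Dec  4 12:17:41: %SYS-5-CONFIG_I: Configured from console by paul on vty0 (192.168.0.180)",
    "Dec  4 14:40:11 cisco851 1899: Dec  4 12:40:12: %SYS-5-PRIV_AUTH_FAIL: Authentication to Privilage level 15 failed by alice on vty1 (192.168.0.50)",
    "Dec  4 15:30:00 cisco851 1900: Dec  4 13:30:01: %SYS-5-PRIV_AUTH_FAIL: Authentication to Privilage level 15 failed by paul on vty0 (192.168.0.180)",
    "this line is not a cisco message and is ignored",
]

if __name__ == "__main__":
    for (host, user, src), n in detect_bursts(SAMPLE_LINES).items():
        print(f"ALERT {host}: {n} enable failures by {user} from {src}")
```

The sliding window means paul's three failures within two minutes trip the alert while his later single failure does not; widen the window and all four count together. In production, feed it the local4 file with tail -F and tune the threshold to how often your own operators mistype the enable secret.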


We are done.