Hi,
How to do CGNAT in VyOS … and also how to save the connection/NAT logs (so that we can trace abuse)
Thanks
CGNAT should work very similar to normal NAT, shouldn’t it? There’s a defined subnet to use, 100.64.0.0/10. Therefore you treat the entire setup as an ISP-controlled double-NAT setup. Unless I’m wildly misunderstanding things:
I will add this disclaimer: this is how we ran our MSP-controlled WISP several years ago. So we handled the clients firewall, port forwarding, etc.
Hi.
Thanks for replying.
For example purpose, suppose we NAT 100.64.0.0/10 to for example a single IP.
So assume we got an abuse complaint saying that 1 week back there was an SSH login attempt or a hack attempt from our public IP on the other remote system. So I am looking for a way to save/store connections/NAT in some format so we can handle abuse issues like this and figure out which machine from the internal network is causing this.
If normal NAT allows this, it is fine as well. I just read that CGN is more verbose and elaborate in terms of logging requirements and wanted to know how to set it up and how to enable logging, if that is even possible with VyOS.
Sorry I didn’t see this sooner. I think syslog with something like ELK or Graylog to help parse the logs would fit your situation.
Hi,
Thank you for the reply.
The question is, how do I enable connection logging for just this subnet, so that it goes to syslog?
You can’t enable logging per network or per interface, syslog captures all traffic and usually system messages. But if you feed all those logs into something like an ELK stack, you would be able to parse the logs quickly to find just the information you want.
https://docs.vyos.io/en/latest/configuration/system/syslog.html
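One way to turn the collected NAT logs into the abuse lookup the thread asks for, as an added example that is not code from the thread or from VyOS: given the public IP, reported time and (optionally) the remote host or public port from a complaint, it resolves the 100.64.0.0/10 host behind the translation. The log line shape (the format `conntrack -E` prints for a new SNATed flow, with a timestamp prepended) and all addresses are constructed assumptions for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample NAT log. Each line has the shape `conntrack -E` prints for a
# new SNATed flow, prefixed with an ISO timestamp as syslog would add; format and
# addresses are assumptions for this example, not real data.
SAMPLE_LOG = """\
2024-03-01T10:15:02 [NEW] tcp 6 120 SYN_SENT src=100.64.1.23 dst=203.0.113.5 sport=44321 dport=22 [UNREPLIED] src=203.0.113.5 dst=198.51.100.1 sport=22 dport=30017
2024-03-01T10:15:05 [NEW] tcp 6 120 SYN_SENT src=100.64.1.44 dst=203.0.113.9 sport=51000 dport=443 [UNREPLIED] src=203.0.113.9 dst=198.51.100.1 sport=443 dport=30018
2024-03-01T10:16:40 [NEW] tcp 6 120 SYN_SENT src=100.64.2.7 dst=203.0.113.5 sport=40001 dport=22 [UNREPLIED] src=203.0.113.5 dst=198.51.100.1 sport=22 dport=30019
"""

# First tuple is internal -> remote; the reply tuple's dst/dport carry the public
# IP and port the remote side actually saw, which is what an abuse report quotes.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[NEW\] (?P<proto>\w+) .*?"
    r"src=(?P<int_ip>\S+) dst=(?P<rem_ip>\S+) sport=(?P<int_port>\d+) dport=(?P<rem_port>\d+).*?"
    r"src=\S+ dst=(?P<pub_ip>\S+) sport=\d+ dport=(?P<pub_port>\d+)"
)

def parse_events(text):
    """Turn NAT log lines into flow records; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            events.append(rec)
    return events

def find_internal_hosts(events, public_ip, when_iso, remote_ip=None,
                        public_port=None, window_minutes=5):
    """Return (time, internal IP, remote IP, remote port) for flows matching a
    complaint: same public IP, within +/- window of the reported time, plus
    the remote host / public port when the report includes them."""
    when = datetime.fromisoformat(when_iso)
    window = timedelta(minutes=window_minutes)
    hits = []
    for e in events:
        if e["pub_ip"] != public_ip or abs(e["ts"] - when) > window:
            continue
        if remote_ip is not None and e["rem_ip"] != remote_ip:
            continue
        if public_port is not None and e["pub_port"] != str(public_port):
            continue
        hits.append((e["ts"].isoformat(), e["int_ip"], e["rem_ip"], e["rem_port"]))
    return hits
```

With the sample data, a complaint quoting public IP 198.51.100.1 and remote host 203.0.113.5 around 10:15 resolves to 100.64.1.23 and 100.64.2.7; the same lookup works over whatever syslog or ELK has retained, which is why the retention period has to cover the delay between the abuse and the complaint.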