New User to LNS

Discussion in 'LnS English Forum' started by fredra, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi
    I am a new user to LNS, and I am using the trial version (2.05p3) for the 30 days to see if I need to purchase a copy.
    Some background
    I am behind a router and although I have read and understood the first part of Patrice's thread on routers, the last part has me lost (that is another story) :)
    I have used Blackspear's setup instructions...thanks to him it gave me a better understanding of this firewall. ;)
    When I use "TCP SPI" and visit certain web pages e.g. download.com, I get my logs filled with 'doubleclick.net', so I have used the router to block anything with doubleclick.
    My question is when I use IM or Hotmail my logs get filled with messages (see attached..... I hope it is legible). How can I stop this ?
    -do I need to create a rule, then block the execution of that rule?
    Any constructive input would be appreciated.
    Thanks.
    Cheers :)
     

    Attached Files:

  2. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Can you post the content of one of these logs? Is it outbound traffic?

    Thomas :)
     
  3. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi Thomas
    I generated a log, and it is attached.
    Outbound traffic?..... I don't know.
    Your help is appreciated.
    Thanks
    Cheers :)
     

    Attached Files:

  4. Dryopithecus

    Dryopithecus Registered Member

    Joined:
    Sep 26, 2005
    Posts:
    22
    Hi, fredra,

    I'm not sure if I really understand your meaning.(I apologize for my grammar mistakes). I'm new to LNS too.(and I'm also not good at English)

    It seems you don't like the log file to be full of records.

    In the "Internet Filtering" tab, click the Help button on the lower right coner, you will find your answer. ;)

    Cheers
     
  5. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi Dryopithecus
    No problem with the grammer or English my friend, I do understand you. ;)
    I had to turn on logging to get the details, however, I am still trying to figure out whether it is just showing me what has passed through the firewall or it is blocking something from "hotmail". In other words, what are the records showing me.
    Thanks for your input and I will check the help file, as you pointed out.
    Cheers :)
     
  6. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Hi fredra,

    The alerts in the logs show when a rule has been applied. A rule can be used to allow or to block, depending on the rule configuration.

    If you check the "Internet Filtering" tab you can look down the list to find the matching rule, in this case "UDP : Any other UDP packet". If the second column for this rule has a stop sign (ie. red circle with white horizontal line), it means anything which matches this rule will be blocked by LnS, unless there is a rule higher up in the list which allows it. Likewise, if there is no stop sign, it means that anything that matches the rule will be allowed, unless another rule higher up in the list blocks it.

    Double-clicking on a rule brings up the rule editing window. While this can be a bit daunting for the uninitiated, it is well worthwhile trying to learn as much a possible since it contains all the info related to that particular rule. For example, you can see that the "UDP : Any other UDP packet" rule applies to both inbound and Outbound packets.

    HTH

    EDIT: If you don't want a match for a particular rule to be displayed in the log, just remove the '!' from the third column next to the rule, on the Internet Filtering tab.
     
    Last edited: Sep 27, 2005
  7. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    In the "Log" Window of LnS you can double-click on each entry that was logged. This will open a small window called "packets content".
    Can you do a screenshot of one of these windows and post it here in the forum? This window will disclose some more information about the packet (e.g. in- or outbound)

    Regards,
    Thomas :)
     
  8. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi Thomas M
    Thanks for your assistance, it is appreciated.
    I finally figured it out with some help from Phant0m's instructions over here
    Cheers :)
     
Thread Status:
Not open for further replies.