Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

Here is an example of a kernel log entry generated when a filter ALLOW rule is
hit:

Jan 15 14:44:49 example kernel: FW-ALLOW: IN=vlan1 OUT=vlan2

MAC=00:07:7c:10:de:c1:00:80:c8:3c:25:b7:08:00:45:00:00:54:c9:84

SRC=192.168.2.10 DST=192.168.3.100 LEN=84 TOS=0x00 PREC=0x00

TTL=63 ID=51588 DF PROTO=ICMP TYPE=8 CODE=0 ID=10941 SEQ=1

The same log entry line broken down in parts:

Log text part

Explanation

Jan 15 14:44:49

Timestamp

example

The system host name

kernel:

Identifies origin, kernel.log

FW-ALLOW:

This originates from a firewall filter “allow” rule

IN=vlan1

Inbound interface “vlan1”, may be empty for NAT rules

OUT=vlan2

Outbound interface “vlan2”

MAC=

This is the first part from the ethernet packet
(this field may be empty for some rules)

00:07:7c:10:de:c1:

The first part is destination MAC address

00:80:c8:3c:25:b7:

This part is the source MAC address

08:00:

Ethertype, 08:00 is IP

45:00:00:54:c9:84

More data, first part of the IP header

SRC=192.168.2.10

Source IP address, always the original IP
before any NAT transformation

DST=192.168.3.100

Destination IP address, before NAT

LEN=84

Packet length and other IP header options

TOS=0x00
PREC=0x00
TTL=63
ID=51588
DF
PROTO=ICMP

The IP protocol

TYPE=8

The rest is protocol specific data and flags,

CODE=0

in this specific case an ICMP ping request

ID=10941
SEQ=1

708

➞ 2015 Westermo Teleindustri AB