From owner-freebsd-security  Fri Oct 19 15:36:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id CA0FC37B407
	for <security@freebsd.org>; Fri, 19 Oct 2001 15:36:45 -0700 (PDT)
Received: from hades.hell.gr (patr530-a161.otenet.gr [212.205.215.161])
	by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id f9JMafO16924;
	Sat, 20 Oct 2001 01:36:41 +0300 (EEST)
Received: (from charon@localhost)
	by hades.hell.gr (8.11.6/8.11.6) id f9JI2oj21883;
	Fri, 19 Oct 2001 21:02:50 +0300 (EEST)
	(envelope-from charon@labs.gr)
Date: Fri, 19 Oct 2001 21:02:49 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: Andrew Dean <ferni@shafted.com.au>
Cc: security@freebsd.org
Subject: Re: Files downloaded logging?
Message-ID: <20011019210249.B21519@hades.hell.gr>
Reply-To: freebsd-questions@freebsd.org
References: <005c01c156a2$855622f0$240aa8c0@ltpr.local>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <005c01c156a2$855622f0$240aa8c0@ltpr.local>
User-Agent: Mutt/1.3.22.1i
X-GPG-Fingerprint: C1EB 0653 DB8B A557 3829  00F9 D60F 941A 3186 03B6
X-URL: http://labs.gr/~charon/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Andrew Dean <ferni@shafted.com.au> wrote:
> Is there a way to log files that are downloaded through a freeBSD firewall
> ... i'm using ppp -nat to connect and ipf rules...

Not by looking at the packets that pass through the firewall, if
that's what you're asking.

You can set up a web/ftp proxy in the internal network, and only NAT
packets from that machine at the firewall, with everyone using that
proxy to download files.  This way anyone not using the proxy will not
have any way to download files, and the logs of the proxy will tell
you what you want to know.

But this creates one more single-point of failure, since if the proxy
fails, down goes your Internet connectivity through the firewall too,
so you might not like this `solution'.

-giorgos

BTW, this is only marginally related to FreeBSD security, and you
should really post such questions to freebsd-questions. (The Reply-To
header has been set appropriately.)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message