?
Solved

finding IP addresses of computer behind WAP?

Posted on 2007-07-30
9
Medium Priority
?
307 Views
Last Modified: 2013-12-27
We have a WAP here at work which is plugged into a firewall. However, in the log files it will say that questionable content is coming but it will only list the IP address of the WAP so there doesn't appear to be a way to narrow down what IP it is coming from.

Can anyone think of a better way to set this up so that you can find out exactly what IP is going to the sites?
0
Comment
Question by:wlandymore
9 Comments
 
LVL 9

Expert Comment

by:Brugh
ID: 19593215
are your AP and Firewall on the same subnet? and is your AP handing out IPs on that same Subnet.
It could be a routing problem.

 - Brugh

0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 375 total points
ID: 19593502
Are you saying which LAN IP is accessing external web sites?
If so some routers will log this or if you need to record larger amounts of data you can assign a Syslog server using a tool such as:
http://www.kiwisyslog.com/kiwi-syslog-daemon-overview/
If the router doesn't record any of this information, you can add a proxy server which will record as well as give you the ability to filter sites. There are many available, to name a few:
http://www.computalynx.net/software/cproxy/features.asp
http://www.websense.com
http://www.surfcontrol.com/ 
http://www.rhinosoft.com/AllegroSurf/

0
 
LVL 1

Author Comment

by:wlandymore
ID: 19595771
okay, I actually have to expand on this to make it clearer. This is a large scale router that is sitting behind the firewall. People are connecting to it and then they go out through the sonicwall. But the firewall just sees the external router address so as far as it's concerned it's all coming from that one address.
I've been on the wireless router and there is no way of monitoring the traffic. The log only shows simple things like hardware failures, etc.

So I need a way to get the firewall's content filtering to show individual IP's and not just the one IP of the router. Sorry it was as clear as mud.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
LVL 1

Author Comment

by:wlandymore
ID: 19595777
and yes, the wireless and LAN would both be on the 172.16.0.0/16 subnet.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19599326
Afraid still not clear on configuration. As I understand it:
Internet=>modem=>Sonicwall=>WAP=>Wireless clients
Problem is wireless clients are accessing inappropriate websites and you cannot log what wireless client LAN IP's are connecting to what public IP's?
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19600920
yeah, that's the setup. I actually looked at the licensing farther and I think I see why it has been done this way. You could just disable the NAT on the wireless router that's behind the sonicwall, but doing so would mean that you would need a license for all of the people on the public wireless network.
Currently they do not want to do this so they have NAT in effect and then allow an exception for that one IP. So unless there is something I can use to go through the router to find the LAN IP of that network device I think I'm out of luck.

Sorry, I just came into this scenario and I was hoping to find a way to monitor what IP all the 'bad' stuff was coming from. Perhaps the best solution is just to get a content filter which is better than what Sonicwall puts out. I don't mind it as a firewall, but content filtering should be left up to those who do ONLY that.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19603029
I see you are referring to SonicWall user licenses. If you want to leave NAT in place on the WAP, I would say you are out of luck, that is what NAT is for, disguising IP's.
0
 
LVL 9

Expert Comment

by:justchat_1
ID: 19683775
You could compare date/time stamps between the wap and the router logs but thats kind of hit or miss
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 20383215
Thanks wlandymore.
Cheers !
--Rob
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question