Test externally to see if the available services are working. For instance, you can send e-mails to the internal network. You should be able to see in the postfix messages in /var/log/mail on the firewall host whether the e-mails were accepted and could be delivered to the internal mail server. Check to see if the packet filter is working. This can be verified by a port scanner. At the same time, find the kernel packet filter messages in /var/log/messages as well as in the log directories of the log host. These messages will be reflected in the "DENY" and "ACCEPT" messages. Try to set up connections to explicitly restricted ports and attempt to find the corresponding log entries and match them to their corresponding events.
If you are using a log host, check to see if the log messages are being transmitted in their entirety.
Was this article helpful?