| To: | netfilter@lists.netfilter.org |
|---|---|
| Subject: | Logging NAT Translations |
| From: | "Craig Bernstein" <cbernstein@cbernstein.com> |
| Date: | Fri, 18 May 2007 20:15:32 -0700 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | netfilter-list1@securepoint.com |
| List-archive: | </pipermail/netfilter> |
| List-help: | <mailto:netfilter-request@lists.netfilter.org?subject=help> |
| List-id: | General discussion and user questions <netfilter.lists.netfilter.org> |
| List-post: | <mailto:netfilter@lists.netfilter.org> |
| List-subscribe: | <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe> |
| List-unsubscribe: | <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe> |
| Sender: | netfilter-bounces@lists.netfilter.org |
I can't believe this isn't a FAQ; I apologize if I missed something in my searches. Is there a way to log connections along with all of their NAT translation data? I am using a Debian (Sarge) system to SNAT guest users from private address space to the Internet, and I need to keep a record that includes both their internal and external addresses. Simply logging before the SNAT rule leaves out the external address, leaving me only with the original RFC1918 source address. /proc/net/ip_conntrack has the information I need, but no way to send it to the log it at the beginning and/or end of the session. There HAS to be an easy way to do this! Right? Thank you... -- ...Craig |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | pptp and iptables, Tiron Adrian |
|---|---|
| Next by Date: | Re: Help with DOS attack, Jonny K |
| Previous by Thread: | pptp and iptables, Tiron Adrian |
| Next by Thread: | Re: Logging NAT Translations, Petr Pisar |
| Indexes: | [Date] [Thread] [Top] [All Lists] |