On May 18 2007 20:15, Craig Bernstein wrote:
>
> I can't believe this isn't a FAQ; I apologize if I missed something in
> my searches.
>
> Is there a way to log connections along with all of their NAT translation
> data?

iptables -t nat -N yes_do_me_1
iptables -t nat -A yes_do_me_1 -j LOG ...
iptables -t nat -A yes_do_me_1 -j SNAT ...
iptables -t nat -A POSTROUTING -s 134.76.0.0/16 -d whatever -p tcp -j yes_do_me_1

Or you could use `conntrack -E`... or `conntrack -L` for a momentary
state.

>
> I am using a Debian (Sarge) system to SNAT guest users from private
> address space to the Internet, and I need to keep a record that
> includes both their internal and external addresses.
>
> Simply logging before the SNAT rule leaves out the external address,
> leaving me only with the original RFC1918 source address.
> /proc/net/ip_conntrack has the information I need, but no way to send
> it to the log at the beginning and/or end of the session.
>
> There HAS to be an easy way to do this! Right?
>
> Thank you...
>
> --
> ...Craig
>
>
Jan
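
An added example, not part of the original thread: a shell filter that turns `conntrack -E` event lines into one-line records pairing each flow's internal and external address, relying on the reply tuple's `dst=` being the SNAT address. The function names, record layout and sample events are constructed for illustration, and the `-e NEW,DESTROY` event mask and `logger -t nat` in the last comment are assumed usage rather than anything from the post.

```shell
#!/bin/sh
# Added example. Each conntrack event line carries two tuples: the original
# direction (as the client sent it) and the reply direction. For a
# source-NATed flow, the reply tuple's dst= is the external address.

# nat_records (hypothetical name): read event lines on stdin, print one
# record per source-NATed flow event.
nat_records() {
    awk '
    {
        event = ""; proto = ""
        split("", cnt); split("", val)          # reset per-line state
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\[(NEW|UPDATE|DESTROY)\]$/) {
                event = substr($i, 2, length($i) - 2)
                proto = $(i + 1)
            } else if (split($i, kv, "=") == 2 &&
                       kv[1] ~ /^(src|dst|sport|dport)$/) {
                # 1st occurrence = original tuple, 2nd = reply tuple
                n = ++cnt[kv[1]]
                val[kv[1], n] = kv[2]
            }
        }
        if (event == "" || cnt["src"] < 2 || cnt["dst"] < 2) next
        # Not source-NATed: replies go straight back to the original source.
        if (val["dst", 2] == val["src", 1]) next
        # Ports are empty for protocols without them (e.g. ICMP).
        printf "%s proto=%s int=%s:%s ext=%s:%s dst=%s:%s\n", event, proto,
            val["src", 1], val["sport", 1], val["dst", 2], val["dport", 2],
            val["dst", 1], val["dport", 1]
    }'
}

# Constructed sample events (documentation addresses), not captured output.
sample_events() {
    cat <<'EOF'
    [NEW] tcp      6 120 SYN_SENT src=192.168.1.10 dst=198.51.100.7 sport=51514 dport=80 [UNREPLIED] src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51514
[DESTROY] tcp      6 src=192.168.1.10 dst=198.51.100.7 sport=51514 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51514 [ASSURED]
    [NEW] udp      17 30 src=203.0.113.5 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000
EOF
}

sample_events | nat_records
# Live use (assumed invocation): conntrack -E -e NEW,DESTROY | nat_records | logger -t nat
```

The third sample event is traffic from the gateway's own address, so it has no translation and produces no record.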