NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Logging NAT Translations

from [Jan Engelhardt] [Permanent Link][Original]
To: Craig Bernstein <cbernstein@cbernstein.com>
Subject: Re: Logging NAT Translations
From: Jan Engelhardt <jengelh@linux01.gwdg.de>
Date: Thu, 7 Jun 2007 10:09:47 +0200 (MEST)
Cc: netfilter@lists.netfilter.org
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <ae1f24730706060015j40c0fe5ek78a81c8816a0c5b5@mail.gmail.com>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References: <ae1f24730705182015j533102bah985e9ad0e905cd2a@mail.gmail.com> <Pine.LNX.4.61.0705222208440.4452@yvahk01.tjqt.qr> <ae1f24730706051910o2538955drfc7ec59cf9aa3927@mail.gmail.com> <Pine.LNX.4.61.0706060759470.1547@yvahk01.tjqt.qr> <ae1f24730706060015j40c0fe5ek78a81c8816a0c5b5@mail.gmail.com>
Sender: netfilter-bounces@lists.netfilter.org 
On Jun 6 2007 00:15, Craig Bernstein wrote:
>
> On 6/5/07, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
>> iptables -t nat -N ydm1
>> iptables -t nat -A ydm1 -j LOG "[Adress got SNATed to 134.76.13.21] "
>> iptables -t nat -A ydm1 -j SNAT --to 134.76.13.21
>> 
>> iptables -t nat -A POSTROUTING <-d condition -m condition or whatever> -j
>> ydm1
>> 
>> It already was a complete example. When you SNAT, you know you do.
>
> --to-source can be (and is, in this case) a range of IP addresses.  I
> know I SNATed, but not to which source IP address and port.

Oh I did not know :-/ I rarely need ranges, mostly because it does not RR over
them like I thought it does :(


        Jan
--
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: syn DDoS attack solution, Ric Messier
Next by Date:  Combining rules, Ian Moyce
Previous by Thread:  Re: Logging NAT Translations, Craig Bernstein
Next by Thread:  SNAT before IPSec, noa levy
Indexes:  [Date] [Thread] [Top] [All Lists]