[Firewall] logging with NAT_TCP_FORWARD
andy at thebmwz3.co.uk
Fri Mar 19 10:53:54 CET 2010
Thanks for the code snippet, I've added that into the custom-rules but
it still doesn't seem to log.
Is there a way I can check the rule is there correctly, or any other way
of checking why it might not be working?
Arno van Amersfoort wrote:
> This indeed does not work since the traffic is NAT-ed and never hits the
> INPUT chain. You could use a custom rule to implement it like this:
> iptables -A PREROUTING -m state --state NEW -p tcp --dport 5901 -m limit
> --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix
> "PREROUTING_LOG: "
> Andy Brown wrote:
>> Hi All,
>> Have had a dig through a couple of times and can't see the immediate
>> answer to this. I'd like each connection made to valid NAT_TCP_FORWARD
>> entries to be logged for auditing purposes.
>> I've set up the forwarding in NAT_TCP_FORWARD
>> and then put into LOG_TCP_INPUT the ports I'm doing the
>> NAT_TCP_FORWARD but it didn't log. Is there a simple way to enable
>> this please?
>> Thanks in advance.
e: andy @ thebmwz3.co.uk
e: andy @ broadcast-tech.co.uk
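
One way to check whether such a LOG rule is actually loaded, as an added example that is not part of the thread or of the firewall project's code: it scans `iptables-save -c` output for a LOG rule on PREROUTING for the given port and reports the table it is in, its packet counter, and whether a DNAT rule for the same port sits earlier in the chain (DNAT ends traversal of the chain, so a LOG rule placed after it never sees those packets). The function name, the sample ruleset and the 192.168.1.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example. find_prerouting_log PORT reads `iptables-save -c` output on
# stdin and prints "table packets position" for each LOG rule on PREROUTING
# with --dport PORT. Returns 1 when no such rule is loaded in any table.
find_prerouting_log() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); dnat = 0; next }   # "*nat", "*filter"
        # Skip everything except PREROUTING rules for this port.
        !/(^| )-A PREROUTING / || $0 !~ (" --dport " port "( |$)") { next }
        # DNAT ends traversal of the chain, so remember if it comes first.
        / -j DNAT( |$)/ { dnat = 1; next }
        / -j LOG( |$)/ {
            pkts = ($1 ~ /^\[/) ? $1 : "[?"               # "[pkts:bytes]" with -c
            sub(/^\[/, "", pkts); sub(/:.*/, "", pkts)
            print table, pkts, (dnat ? "after-dnat" : "before-dnat")
            found = 1
        }
        END { exit !found }
    '
}

# Constructed sample of `iptables-save -c` output (not taken from the thread).
SAMPLE='# constructed sample
*nat
:PREROUTING ACCEPT [12:720]
:POSTROUTING ACCEPT [3:180]
:OUTPUT ACCEPT [3:180]
[4:240] -A PREROUTING -p tcp -m state --state NEW -m tcp --dport 5901 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "PREROUTING_LOG: " --log-level 6
[4:240] -A PREROUTING -i eth0 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.10:5901
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "INPUT_LOG: "
COMMIT'

# Offline demo; on a live firewall run as root instead:
#   iptables-save -c | find_prerouting_log 5901
printf '%s\n' "$SAMPLE" | find_prerouting_log 5901
```

No output and a non-zero exit status mean no matching LOG rule exists in any table; a packet count that stays at 0 while connections are being made means the rule is present but is not being reached.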