[Firewall] logging with NAT_TCP_FORWARD

Andy Brown andy at thebmwz3.co.uk
Fri Mar 19 10:53:54 CET 2010

Thanks for the code snippet. I've added that into the custom-rules, but 
it still doesn't seem to log.
Is there a way I can check that the rule is there correctly, or any other way 
of checking why it might not be working?


Arno van Amersfoort wrote:
> This indeed does not work since the traffic is NAT-ed and never hits the 
> INPUT chain. You could use a custom rule to implement it like this:
> iptables -A PREROUTING -m state --state NEW -p tcp --dport 5901 -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix a.
> Andy Brown wrote:
>> Hi All,
>> Have had a dig through a couple of times and can't see the immediate 
>> answer to this. I'd like each connection made to valid NAT_TCP_FORWARD 
>> entries to be logged for auditing purposes.
>> I've set up the forwarding in NAT_TCP_FORWARD
>> and then put the ports I'm forwarding into LOG_TCP_INPUT, 
>> but it didn't log. Is there a simple way to enable 
>> this please?
>> NAT_TCP_FORWARD="5901>"
>> LOG_TCP_INPUT="5901"
>> Thanks in advance.

e: andy @ thebmwz3.co.uk
e: andy @ broadcast-tech.co.uk
w: http://www.thebmwz3.co.uk
w: http://www.broadcast-tech.co.uk
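An added example, not from this thread and not AIF's own code, of what such a custom-rules snippet can look like together with a check that the rule was actually loaded. Two things the quoted one-liner does not spell out: iptables uses the filter table when -t is omitted, and the filter table has no PREROUTING chain, so a rule without -t mangle (or -t nat) is rejected rather than added; and DNAT rewrites the destination before the routing decision, so forwarded connections traverse FORWARD and never INPUT, which is why LOG_TCP_INPUT cannot see them. The mangle PREROUTING chain sees every packet before DNAT, so it can match on the public port. The script assumes custom-rules runs as root with NAT_TCP_FORWARD exported, that entries look like port>host or port>host~port (only the text before the > is used; that format and the AIF:NAT fwd log prefix are assumptions), and that LOGLEVEL is AIF's log-level variable. The rate limit is optional here because a limit of 1/m, as in the quoted rule, logs at most one connection per minute, which is not an audit trail.

```shell
#!/bin/sh
# Added example (not part of Arno's iptables Firewall): log every NEW TCP
# connection arriving on a NAT_TCP_FORWARD port, before DNAT rewrites it.
# Intended to be pasted into AIF's custom-rules file (an assumption), which
# runs as root with iptables on PATH and NAT_TCP_FORWARD already set.

IPTABLES="${IPTABLES:-iptables}"
LOGLEVEL="${LOGLEVEL:-info}"     # AIF exports LOGLEVEL; fall back to info
LOG_LIMIT="${LOG_LIMIT:-}"       # e.g. "6/m"; empty = log every connection

# Public port of one NAT_TCP_FORWARD entry. Assumed entry forms:
# "5901", "5901>192.168.1.10" or "5901>192.168.1.10~5900".
nat_forward_port() {
    printf '%s\n' "$1" | cut -d'>' -f1
}

# Add the LOG rule for one public port.
# -t mangle: PREROUTING exists only in the raw, mangle and nat tables, so
#   without -t the rule is rejected (filter has no PREROUTING chain).
# --ctstate NEW: only the first packet of each connection is logged.
# Optional limit match: keeps a port scan from flooding syslog, at the cost
#   of dropping audit entries once the limit is hit.
log_forward_rule() {
    port="$1"
    set -- -t mangle -A PREROUTING -p tcp --dport "$port" \
        -m conntrack --ctstate NEW
    if [ -n "$LOG_LIMIT" ]; then
        set -- "$@" -m limit --limit "$LOG_LIMIT" --limit-burst 5
    fi
    # Log prefix must stay under iptables' 29-character limit.
    "$IPTABLES" "$@" -j LOG --log-level "$LOGLEVEL" \
        --log-prefix "AIF:NAT fwd $port: "
}

# One LOG rule per NAT_TCP_FORWARD entry (space-separated, as AIF uses).
log_nat_forwards() {
    for entry in $NAT_TCP_FORWARD; do
        log_forward_rule "$(nat_forward_port "$entry")"
    done
}

# Verify the rule is really loaded: dump the chain in rule syntax and look
# for the LOG rule on that port. Returns 0 if present, 1 if not.
check_forward_log() {
    "$IPTABLES" -t mangle -S PREROUTING | grep -q -- "--dport $1 .*-j LOG"
}

# Only act when AIF has handed us forwards; sourcing this elsewhere with
# NAT_TCP_FORWARD unset adds nothing.
if [ -n "$NAT_TCP_FORWARD" ]; then
    log_nat_forwards
fi
```

To see whether the rule exists and is matching, `iptables -t mangle -L PREROUTING -v -n` shows per-rule packet and byte counters, and the log lines themselves go to the kernel log, so `dmesg | grep 'AIF:NAT fwd'` (or the syslog file that receives kernel messages) is where to look once a connection has been made. A counter that stays at zero while the forward itself works means the match is wrong; a rising counter with nothing in the log means the LOG output is going somewhere other than where you are reading.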

More information about the Firewall mailing list