[Firewall] logging with NAT_TCP_FORWARD

Andy Brown andy at thebmwz3.co.uk
Fri Mar 19 10:53:54 CET 2010


Thanks for the code snippet, I've added that into the custom-rules but 
it still doesn't seem to log.
Is there a way I can check the rule is there correctly, or any other way 
of checking why it might not be working?

Thanks!
Andy


Arno van Amersfoort wrote:
> This indeed does not work since the traffic is NAT-ed and never hits the 
> INPUT chain. You could use a custom rule to implement it like this:
> 
> iptables -A PREROUTING -m state --state NEW -p tcp --dport 5901 -m limit 
> --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix 
> "PREROUTING_LOG: "
> 
> a.
> 
> Andy Brown wrote:
>> Hi All,
>>
>> Have had a dig through a couple of times and can't see the immediate 
>> answer to this. I'd like each connection made to valid NAT_TCP_FORWARD 
>> entries to be logged for auditing purposes.
>>
>> I've set up the forwarding in NAT_TCP_FORWARD and then put into 
>> LOG_TCP_INPUT the ports I'm doing the NAT_TCP_FORWARD on, but it didn't 
>> log. Is there a simple way to enable this please?
>> NAT_TCP_FORWARD="5901>192.168.2.194"
>> LOG_TCP_INPUT="5901"
>>
>> Thanks in advance.
>>
> 


-- 
Andy
e: andy @ thebmwz3.co.uk
e: andy @ broadcast-tech.co.uk
w: http://www.thebmwz3.co.uk
w: http://www.broadcast-tech.co.uk
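Added example, not part of the thread: a POSIX shell check for the question above, run over constructed `iptables-save` excerpts, that reports whether a LOG rule for the forwarded port exists in the nat PREROUTING chain and sits ahead of the DNAT rule (DNAT is a terminating target, so a LOG rule appended after it is never reached). Note also that the rule as quoted carries no `-t nat`, and the filter table has no PREROUTING chain, so a rule entered that way fails to load and shows up here as "no LOG rule".

```shell
#!/bin/sh
# Constructed iptables-save excerpt: the LOG rule was appended (-A) after
# the DNAT rule, so DNAT ends chain traversal and LOG is never reached.
SAMPLE_BAD='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.2.194
-A PREROUTING -p tcp -m state --state NEW -m tcp --dport 5901 -m limit --limit 1/min -j LOG --log-prefix "PREROUTING_LOG: "
COMMIT'

# Constructed excerpt with the LOG rule inserted ahead of the DNAT rule.
SAMPLE_GOOD='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m state --state NEW -m tcp --dport 5901 -m limit --limit 1/min -j LOG --log-prefix "PREROUTING_LOG: "
-A PREROUTING -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.2.194
COMMIT'

# check_log_rule PORT SAVE_OUTPUT
# Prints a verdict and returns 0 if a LOG rule for PORT is in nat PREROUTING
# ahead of the DNAT rule, 1 if it is present but after DNAT (unreachable),
# 2 if no LOG rule for the port is in that chain at all.
check_log_rule() {
    port=$1
    rules=$2
    printf '%s\n' "$rules" | awk -v port="$port" '
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
        table == "nat" && /^-A PREROUTING / && $0 ~ ("--dport " port "( |$)") {
            n++                                    # position among rules for PORT
            if ($0 ~ /-j LOG/ && !log_pos)  log_pos  = n
            if ($0 ~ /-j DNAT/ && !dnat_pos) dnat_pos = n
        }
        END {
            if (!log_pos) { print "no LOG rule for port " port " in nat PREROUTING"; exit 2 }
            if (dnat_pos && log_pos > dnat_pos) { print "LOG rule is after DNAT and never reached"; exit 1 }
            print "LOG rule precedes DNAT: OK"; exit 0
        }'
}

# Demonstration on the constructed samples (the misordered one first).
for sample in "$SAMPLE_BAD" "$SAMPLE_GOOD"; do
    check_log_rule 5901 "$sample" || echo "  -> exit status $?"
done
```

On a live host, feed it the output of `iptables-save -t nat` instead of the constructed samples.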

