[Firewall] logging with NAT_TCP_FORWARD

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Tue Mar 23 16:46:37 CET 2010


Maybe this works better, not sure:

iptables -t nat -A PREROUTING -m state --state NEW -p tcp --dport 5901 \
  -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL \
  --log-prefix "PREROUTING_LOG: "

You have added it to custom-rules and enabled it in firewall.conf, right?

a.

Andy Brown wrote:
> Thanks for the code snippet, I've added that into the custom-rules but 
> it still doesn't seem to log.
> Is there a way I can check the rule is there correctly, or any other way 
> of checking why it might not be working?
> 
> Thanks!
> Andy
> 
> 
> Arno van Amersfoort wrote:
>> This indeed does not work since the traffic is NAT-ed and never hits 
>> the INPUT chain. You could use a custom rule to implement it like this:
>>
>> iptables -A PREROUTING -m state --state NEW -p tcp --dport 5901 \
>>   -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL \
>>   --log-prefix "PREROUTING_LOG: "
>>
>> a.
>>
>> Andy Brown wrote:
>>> Hi All,
>>>
>>> Have had a dig through a couple of times and can't see the immediate 
>>> answer to this. I'd like each connection made to valid 
>>> NAT_TCP_FORWARD entries to be logged for auditing purposes.
>>>
>>> I've set up the forwarding in NAT_TCP_FORWARD
>>> and then put into LOG_TCP_INPUT the ports I'm doing the 
>>> NAT_TCP_FORWARD on, but it didn't log. Is there a simple way to enable 
>>> this please?
>>> NAT_TCP_FORWARD="5901>192.168.2.194"
>>> LOG_TCP_INPUT="5901"
>>>
>>> Thanks in advance.
>>>
>>
> 
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
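Two checks for Andy's question of how to verify the rule, as an added example that is not part of the thread or of Arno's firewall scripts: the first reads `iptables -t nat -S PREROUTING` output and reports whether a LOG rule for the port exists and sits before the DNAT rule (DNAT is a terminating target, so a LOG rule appended with `-A` behind it never sees the connection's first packet); the second turns the resulting kernel log lines into an audit line per connection. It assumes iptables-save style rule syntax and the standard kernel LOG format; the rule listing and log line below are constructed samples.

```sh
#!/bin/sh
# Added example, not from the thread or from Arno's firewall scripts.
# check_log_rule: reads `iptables -t nat -S PREROUTING` output (one rule
# per line, iptables-save syntax) and reports whether a LOG rule for PORT
# exists and sits before the DNAT rule. DNAT is a terminating target, so a
# LOG rule appended (-A) behind it never sees the connection's first packet.
# log_summary: turns kernel log lines carrying PREFIX into "SRC -> DST:DPT".
# Usage on the firewall: iptables -t nat -S PREROUTING | check_log_rule 5901
#                        dmesg | log_summary "PREROUTING_LOG: "
check_log_rule() {
    port="$1"; n=0; log_at=0; dnat_at=0
    while IFS= read -r rule; do
        n=$((n + 1))
        case "$rule" in
            *"--dport $port "*"-j LOG"*)  if [ "$log_at" -eq 0 ]; then log_at=$n; fi ;;
            *"--dport $port "*"-j DNAT"*) if [ "$dnat_at" -eq 0 ]; then dnat_at=$n; fi ;;
        esac
    done
    if [ "$log_at" -eq 0 ]; then echo missing
    elif [ "$dnat_at" -ne 0 ] && [ "$log_at" -gt "$dnat_at" ]; then echo after-dnat
    else echo ok; fi
}

log_summary() {
    prefix="$1"
    grep -F -- "$prefix" | while IFS= read -r line; do
        src=; dst=; dpt=
        for kv in $line; do
            case "$kv" in
                SRC=*) src="${kv#SRC=}" ;;
                DST=*) dst="${kv#DST=}" ;;
                DPT=*) dpt="${kv#DPT=}" ;;
            esac
        done
        echo "$src -> $dst:$dpt"
    done
}

# Constructed sample data (not captured from a real host).
DNAT_RULE='-A PREROUTING -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.2.194:5901'
LOG_RULE='-A PREROUTING -p tcp -m state --state NEW -m tcp --dport 5901 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "PREROUTING_LOG: "'
# The LOG rule fires before DNAT rewrites the destination, so DST is the
# firewall's public address, not 192.168.2.194.
SAMPLE_LOG='Mar 23 16:40:01 gw kernel: PREROUTING_LOG: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=41234 DPT=5901 SYN'

printf '%s\n' "$DNAT_RULE" "$LOG_RULE" | check_log_rule 5901   # after-dnat
printf '%s\n' "$LOG_RULE" "$DNAT_RULE" | check_log_rule 5901   # ok
printf '%s\n' "$SAMPLE_LOG" | log_summary "PREROUTING_LOG: "   # 203.0.113.7 -> 198.51.100.2:5901
```

Note that `-m limit --limit 1/m --limit-burst 1` caps the rule at one log line per minute, so for an audit trail of every connection the limit match has to be dropped.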

