Posted: Tue Mar 15, 2011 3:35 Post subject: Logging inbound NAT packets
I'm experimenting with remote logging options and was going to try to log inbound (accepted) packets, but I can't seem to find a FORWARD filter that will give me this data.
The specific section of my firewall script that I think should give me what I want is as follows:
However, in my logs all I ever get is the outbound packets, even though the output from "iptables -t filter -vnL" suggests the inbound rule is successfully matching/processing packets, as seen below.
Code:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
.
.
.
576 437K logaccept 0 -- vlan2 wl0.1 0.0.0.0/0 192.168.22.0/24 state RELATED,ESTABLISHED
42 2528 logaccept 0 -- wl0.1 vlan2 192.168.22.0/24 0.0.0.0/0 state NEW
.
.
.
I suspect this is because the inbound packets are not truly destined for wl0.1 until after nat/POSTROUTING has translated them.
Is there any way to log the correlating inbound traffic for outbound traffic that is NAT'd?
You overlooked the rules in the logaccept chain. Only new connections are logged by the logging chains, but your inbound rule is sending established/related traffic to the logaccept chain.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
I seem to remember reading somewhere that we can create our own chains, right? Perhaps I can create my own "logacceptall" chain. Thanks for pointing me in the right direction.
Which reproduces everything except the "flags 7" portion of the "logaccept" chain. What is flags? I've been looking online at all the documentation I could find and I don't see anything that references this at all.
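The custom chain the thread arrives at, written out as an added example (this is not code from the thread or from DD-WRT's own firewall script). It builds a "logacceptall" chain that logs every packet sent to it and then accepts it, so the inbound RELATED,ESTABLISHED rule in FORWARD logs as well as the outbound NEW rule. The interface names and subnet come from the poster's listing (vlan2, wl0.1, 192.168.22.0/24); the log prefix, rate limit and log level are assumptions. The three --log-*-options switches on the LOG target are what "iptables -vnL" displays as "LOG flags 7" (bitmask 1|2|4 for TCP sequence, TCP options and IP options), which is the part of the stock chain the last post asks about. The script prints the iptables commands by default so they can be reviewed without root; "apply" executes them.

```shell
#!/bin/sh
# Added example, not code from the thread or from DD-WRT. Builds a custom
# chain "logacceptall" that logs every packet passed to it, then accepts it.
# The stock "logaccept" chain only logs NEW connections, so sending
# RELATED,ESTABLISHED traffic to it never produces a log line.
# Interface names and subnet follow the poster's listing; the prefix, rate
# limit and log level below are assumptions.

IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-vlan2}
LAN_IF=${LAN_IF:-wl0.1}
LAN_NET=${LAN_NET:-192.168.22.0/24}

# Rules for the new chain. --log-tcp-sequence, --log-tcp-options and
# --log-ip-options are shown by "iptables -vnL" as "LOG flags 7" (1|2|4).
# The limit match stops a busy link from flooding syslog or the remote
# log host; the LOG target is non-terminating, so ACCEPT follows it.
logacceptall_rules() {
    cat <<EOF
$IPT -N logacceptall
$IPT -A logacceptall -m limit --limit 10/second --limit-burst 50 -j LOG --log-level 4 --log-prefix "FWD-ACCEPT: " --log-tcp-sequence --log-tcp-options --log-ip-options
$IPT -A logacceptall -j ACCEPT
EOF
}

# FORWARD rules: the old inbound rule (which pointed at logaccept) is
# removed and replaced with one that jumps to logacceptall; the outbound
# NEW rule keeps using the stock chain. Both are inserted at position 1 so
# an earlier ACCEPT in FORWARD cannot swallow the traffic before it is
# logged. The -D line fails (and aborts "apply") if the old rule is absent.
forward_rules() {
    cat <<EOF
$IPT -D FORWARD -i $WAN_IF -o $LAN_IF -d $LAN_NET -m state --state RELATED,ESTABLISHED -j logaccept
$IPT -I FORWARD 1 -i $WAN_IF -o $LAN_IF -d $LAN_NET -m state --state RELATED,ESTABLISHED -j logacceptall
$IPT -I FORWARD 1 -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j logaccept
EOF
}

# Complete rule set: chain first, then the FORWARD rules that reference it.
all_rules() {
    logacceptall_rules
    forward_rules
}

# Default: print the commands for review. "apply" executes them (needs root).
if [ "${1:-print}" = apply ]; then
    all_rules | sh -e
else
    all_rules
fi
```

After applying, "iptables -t filter -vnL logacceptall" should show the LOG rule's counters climbing alongside the ACCEPT rule's, and the log lines carry the "FWD-ACCEPT:" prefix for both directions of a NAT'd flow because conntrack has already matched the reply packets to their state before FORWARD is evaluated.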