I have made two NAT boxes for a special dialup server.
I have created an iptables startup script like this:
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.2.0/23 -o eth0 -j SNAT --to PUBLIC-IP1
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.4.0/23 -o eth0 -j SNAT --to PUBLIC-IP2
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.6.0/23 -o eth0 -j SNAT --to PUBLIC-IP3
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.8.0/23 -o eth0 -j SNAT --to PUBLIC-IP4
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.10.0/23 -o eth0 -j SNAT --to PUBLIC-IP5
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.12.0/23 -o eth0 -j SNAT --to PUBLIC-IP6
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.14.0/23 -o eth0 -j SNAT --to PUBLIC-IP7
and so on...
Now I need to LOG all the traffic that transits through the rules.
I need to log at least PUBLIC-IPX and DESTINATION-IP.
A friend from this mailing list wrote me back and said:
change your rules like this:
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.0.0/23 -o eth0 -j LOG --log-level debug --log-prefix "POSTRT: "
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.0.0/23 -o eth0 -j SNAT --to PUBLIC-IP1
I did that and added this to syslog.conf:
# For NAT
*.* /var/log/nat.log
but I don't see any data logged in that file.
See this:
75 3727 LOG all -- * eth0 10.20.0.0/23 0.0.0.0/0 LOG flags 0 level 7 prefix `POSTRT: '
75 3727 SNAT all -- * eth0 10.20.0.0/23 0.0.0.0/0 to:xxx.x.xx.x
I generated traffic through that rule but nothing appears in the log file.
Any idea?
Simone Sestini [ SS971-RIPE ]
Plug IT s.p.a. - Technical Office
Via Galileo Ferraris 216
52100 Arezzo
Titles:
System and Network Administrator
Data Transmission Manager
Fax
Web
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
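An added example, not part of Simone's post or of the list reply he quotes. Two things about the suggested LOG rule are worth seeing on real lines: the nat POSTROUTING chain only sees the first packet of each connection, so every logged line is one new flow (which matches the 75-packet counters above), and the LOG rule sits before the SNAT rule, so the kernel prints the pre-NAT 10.20.x.y address in SRC, not PUBLIC-IPX. The script below recovers PUBLIC-IPX by mapping the logged SRC back through the same /23 table the SNAT rules use, and pulls out DST, PROTO and DPT. The public addresses (RFC 5737 stand-ins for PUBLIC-IP1..7), the hostname "natbox" and all log lines are constructed for the example; the last line, from 192.168.1.5, is constructed to show what happens when a logged source matches no SNAT rule.

```python
"""Recover PUBLIC-IP and destination from iptables LOG lines written
by a LOG rule placed before SNAT in the nat POSTROUTING chain."""
import ipaddress
from collections import Counter

# Constructed copy of the post's SNAT rule set: private /23 -> public address.
# PUBLIC-IP1..7 are stand-ins from RFC 5737 documentation space (assumption).
SNAT_RULES = [
    (ipaddress.ip_network("10.20.2.0/23"), "198.51.100.1"),   # PUBLIC-IP1
    (ipaddress.ip_network("10.20.4.0/23"), "198.51.100.2"),   # PUBLIC-IP2
    (ipaddress.ip_network("10.20.6.0/23"), "198.51.100.3"),   # PUBLIC-IP3
    (ipaddress.ip_network("10.20.8.0/23"), "198.51.100.4"),   # PUBLIC-IP4
    (ipaddress.ip_network("10.20.10.0/23"), "198.51.100.5"),  # PUBLIC-IP5
    (ipaddress.ip_network("10.20.12.0/23"), "198.51.100.6"),  # PUBLIC-IP6
    (ipaddress.ip_network("10.20.14.0/23"), "198.51.100.7"),  # PUBLIC-IP7
]

LOG_PREFIX = "POSTRT: "   # the --log-prefix of the suggested LOG rule

# Constructed sample of what klogd/syslogd write for that rule. The nat table
# only sees the first packet of a connection, so each line is one new flow,
# and SRC is still the private address because LOG runs before SNAT.
SAMPLE_LOG = """\
Jan 12 10:00:01 natbox kernel: POSTRT: IN= OUT=eth0 SRC=10.20.2.15 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:00:02 natbox kernel: POSTRT: IN= OUT=eth0 SRC=10.20.5.20 DST=203.0.113.53 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=4712 PROTO=UDP SPT=5353 DPT=53 LEN=44
Jan 12 10:00:03 natbox kernel: POSTRT: IN= OUT=eth0 SRC=10.20.14.3 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=4713 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Jan 12 10:00:04 natbox kernel: INPUT-DROP: IN=eth0 OUT= SRC=198.51.100.200 DST=198.51.100.1 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=4444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:00:05 natbox kernel: POSTRT: IN= OUT=eth0 SRC=192.168.1.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4714 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_log_line(line):
    """Split one kernel LOG line into its key=value fields.
    Returns None for lines that do not carry our prefix (other LOG rules)."""
    if LOG_PREFIX not in line:
        return None
    fields = {}
    for token in line.split(LOG_PREFIX, 1)[1].split():
        if "=" in token:                      # flags such as DF / SYN have no '='
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def public_ip_for(private_src):
    """Map a pre-NAT source address onto the address the SNAT rule set applies."""
    addr = ipaddress.ip_address(private_src)
    for network, public_ip in SNAT_RULES:
        if addr in network:
            return public_ip
    return None                               # no SNAT rule: leaves eth0 un-NATted


def nat_records(log_text):
    """Return (public_ip, dst, proto, dport) for every new connection logged.
    public_ip is None when the logged SRC matches none of the SNAT rules."""
    records = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if not fields:
            continue
        records.append((public_ip_for(fields["SRC"]), fields["DST"],
                        fields.get("PROTO"), fields.get("DPT")))
    return records


def connections_per_public_ip(records):
    """Count new connections per public address (un-NATted sources excluded)."""
    return Counter(public_ip for public_ip, *_ in records if public_ip)


if __name__ == "__main__":
    for public_ip, dst, proto, dport in nat_records(SAMPLE_LOG):
        print(f"{public_ip or 'NOT-SNATTED':<15} -> {dst}:{dport or '-'} {proto}")
    print(connections_per_public_ip(nat_records(SAMPLE_LOG)))
```

If the LOG rule were moved after the SNAT rule it would never fire, because SNAT is a terminating target in that chain; logging in the filter table's FORWARD chain would likewise show the private source. Mapping through the rule table is therefore the straightforward way to get PUBLIC-IPX next to the destination from this kind of log.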