I have a NAT box running and I would like to be able to log all the actual port numbers used. From /proc/net/ip_conntrack I can see the original ipaddress and port number aswell as the port number and ipaddress that the reply is directed to but this is not included in the messages I get from the iptables LOG facility which only displays the address and port number prior to the SNAT operation. THis is how I do my logging /sbin/iptables -I FORWARD -m state --state NEW -j LOG Are there any options I can change to get all the port numbers logged before and after NAT? -- Dave
