I'm trying to use ULOG with iptables for log all the nat traslation done by my nat box..
I would like to see something like a proxy server..
My iptables is something like
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.50.72.0/23 -o eth0 -j ULOG --ulog-nlgroup 32 --ulog-prefix "ULOG"
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.50.72.0/23 -o eth0 -j SNAT --to 1.1.1.1
I run ulogd and all is correct but with nlgroup 32 i can see only the dns request and nothing more.. well is see..
Aug 13 19:18:27 gw2-709nat Userspace-LOG: IN= OUT=eth0 MAC=a7:5f:78:4b:d0:36:d9:36:bd:d3:dc:8a:81:a5:03:e7:10:7f:df:66:39:f9:ec:1c:39:2d:e1:2d:05:db:bd:c8:a7:ee:2f:a3:8a:f6:7e:30:ed:60:d2:ae:2b:6f:97:3e:fb:35:99:7d:1f:9d:96:96:72:45:49:4b:4b:d6:bd:50:25:ef:87:ec:2c:75:7f:cb:65:3c:d4:9b:6b:56:2e:71:45:00:00:41:26:2d:00:00:7e:11:1e:07:0a:32:48:04:c3:3e:e3:03:06:84:00:35:00:2d:d6:25:00:01:01:00:00:01:00:00:00:00:00:00:03:77:77:77:0b:63:6f:6e:6e:65:74:74:69:6f:72:61:03:63:6f:6d:00:00:01:00:01:0c:00:01:33:07:9d:00:00:00 SRC="" DST=1.1.1.3 LEN=65 TOS=00 PREC=0x00 TTL=126 ID=9773 PROTO=UDP SPT=1668 DPT=53 LEN=45
I would like to use ulog for get something like.
Aug 13 19:18:27 gw2-709nat Userspace-LOG: SRC="" DST=1.2.3.4 /index.html
for examples...
Something like the normal squid logging options..
I can't use transparent proxy for my nt box so i have to use ulog for get directly the data..
Any idea ?
Simone Sestini [ SS971-RIPE ]
Plug IT s.p.a. - Technical Office
Via Ernesto Rossi
52100 Arezzo
Fax
Web
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
