On Wednesday 03 March 2004 9:10 am, prabha wrote:
> Hi
> I want to log some packets in the INPUT and FORWARD chains, but with
> the original address of the packets. (ie) with the destination address
> before any DNAT rule has been applied on the packet in the PREROUTING chain.
You cannot do this because packets pass through the INPUT chain after they
pass through PREROUTING.
> When the packet comes to the INPUT / FORWARD chains, it will be
> after any DNAT has been applied.
Correct.
> I do not want the NATted address to be present in the logs, but the original
> address as the received interface saw it. Is this possible?
Put the LOG rule in the PREROUTING chain.
Regards,
Antony.
--
What is this talk of "software release"?
Our software evolves and matures until it is capable of escape, leaving a
bloody trail of designers and quality assurance people in its wake.
Please reply to the list;
please don't CC me.
