Re: netfilter machine in between 2 servers

On Sunday 14 March 2004 6:27 pm, Sandy C wrote:

> Hi Antony,
>     Great explanation. It seems like what you're saying is *if* I did want
> to keep track of whatever's going on (i.e. LOG http packets) using
> iptables I would need to make sure the client and server are part of 2
> different nets, correct? So...the 3rd machine would need to route and
> filter.

Correct.

>    Otherwise how hard would it be to go into the code and make iptables
> recognize broadcast packets ala ethereal?

If by "broadcast" you mean "packets sent to an IP subnet broadcast address", 
then netfilter will do that already.

However, I don't think you do mean that, I think you mean "packets which 
happen to come out of all sockets on a hub", and the answer is "very 
difficult" because netfilter is plugged into the routing mechanism, and the 
routing mechanism just doesn't see packets which aren't addressed to the 
machine, either as an endpoint or as a router.

Besides, why do you want netfilter to do your logging, if you can run 
ethereal?   You get a lot more information out of ethereal, and it can show 
you the protocols in a much more meaningful manner.

Regards,

Antony.

-- 
If builders made buildings the way programmers write programs, then the first 
woodpecker to come along would destroy civilisation.

                                                     Please reply to the list;
                                                           please don't CC me.
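The "3rd machine routes and filters" setup agreed on above, as an added example that is not part of the original thread. It assumes a Linux box with two interfaces (eth0 towards a 192.168.1.0/24 client net, eth1 towards a 192.168.2.0/24 server net); those names and subnets are constructed for illustration. Because netfilter hangs off the routing code, traffic between the two nets only shows up once forwarding is on, and it shows up in the FORWARD chain, which is where the LOG rules go.

```shell
#!/bin/sh
# Added example, not from the original thread. Interface names, subnets and
# log prefixes are constructed assumptions.
#
# Assumed topology:
#   clients 192.168.1.0/24 -- eth0 [Linux router] eth1 -- servers 192.168.2.0/24
#
# RUN defaults to "echo" so the script prints the commands it would run
# without touching the kernel; run it as root with RUN= to apply them.
RUN="${RUN-echo}"

CLIENT_IF=eth0
SERVER_IF=eth1
CLIENT_NET=192.168.1.0/24
SERVER_NET=192.168.2.0/24

enable_forwarding() {
    # Without IP forwarding the box is an endpoint only and the FORWARD
    # chain never sees client<->server packets.
    $RUN sysctl -w net.ipv4.ip_forward=1
}

log_http_forwarded() {
    # Log HTTP traffic passing *through* the router, one rule per direction.
    # --log-prefix makes the kernel log lines easy to grep; -m limit keeps a
    # busy link from flooding the log.
    $RUN iptables -A FORWARD -i "$CLIENT_IF" -o "$SERVER_IF" \
        -s "$CLIENT_NET" -d "$SERVER_NET" -p tcp --dport 80 \
        -m limit --limit 10/s -j LOG --log-prefix "HTTP-REQ: "
    $RUN iptables -A FORWARD -i "$SERVER_IF" -o "$CLIENT_IF" \
        -s "$SERVER_NET" -d "$CLIENT_NET" -p tcp --sport 80 \
        -m limit --limit 10/s -j LOG --log-prefix "HTTP-RESP: "
    # LOG is non-terminating, so the packets still need an ACCEPT to be
    # routed on; replies are matched as part of an existing connection.
    $RUN iptables -A FORWARD -i "$CLIENT_IF" -o "$SERVER_IF" -j ACCEPT
    $RUN iptables -A FORWARD -i "$SERVER_IF" -o "$CLIENT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Only act when explicitly asked, e.g.:  RUN= sh router-log.sh apply
case "${1-}" in
    apply) enable_forwarding; log_http_forwarded ;;
esac
```

The logged lines land in the kernel log (dmesg / syslog) prefixed with `HTTP-REQ:` or `HTTP-RESP:`, with source, destination and ports but no payload, which is exactly the gap Antony points at when he recommends ethereal for protocol-level detail.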