Re: private to public IP

Thank you very much Rob, I will take note that it is better to use -A rather than -I in this situation; however, I have a follow-up question. What is the difference between implementing these rules on the FORWARD chain rather than POSTROUTING, and is it important to put DROP after the rules?

Wennie

----- Original Message ----- From: "Rob Sterenborg" <rob@xxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Monday, July 03, 2006 2:17 PM
Subject: Re: private to public IP


On Mon, July 3, 2006 12:42, Wennie V. Lagmay wrote:
Hi Robee,


Thank you very much for your reply, just want to confirm something.


1. Based on the script you've sent to me, does it mean that I have to input
all my private subnets? Example:
iptables -I FORWARD -s 192.168.1.0/24 -m state --state NEW -j LOG --log-level info
iptables -I FORWARD -s 192.168.2.0/24 -m state --state NEW -j LOG --log-level info
iptables -I FORWARD -s 192.168.3.0/24 -m state --state NEW -j LOG --log-level info
iptables -I FORWARD -s 192.168.4.0/24 -m state --state NEW -j LOG --log-level info
and so on

Yes. But you can script that to save yourself some work if you have a lot of
these.
You do know that when you are using "-I" you are inserting the rules on
top of each other, instead of appending them..? In this case it doesn't matter,
but you may get unexpected results if you are not aware of it.

2. With this script I can identify for a certain private IP which public IP
address it uses and which remote IP it is connected to? Example:

Private IP = 192.168.2.56
Public IP =  203.174.11.8
Remote IP = 65.67.87.9 (www.yahoo.com)

No. Only the source (private) IP and the remote (destination) IP (and more,
like [s|d]port, etc). A logging line would look something like this:

Jul  3 12:55:35 fw INPUT:  IN=eth0 OUT= MAC=00:a0:27:a0:6b:00:00:b0:d0:db:aa:3a:08:00  SRC=60.11.125.36 DST=1.2.3.4 LEN=485 TOS=00 PREC=0x00 TTL=40 ID=0 DF PROTO=UDP SPT=40867 DPT=1026 LEN=465

Jul  3 12:55:35 fw INPUT:  IN=eth0 OUT= MAC=00:a0:27:a0:6b:00:00:b0:d0:db:aa:3a:08:00  SRC=60.11.125.36 DST=1.2.3.4 LEN=485 TOS=00 PREC=0x00 TTL=40 ID=0 DF PROTO=UDP SPT=40867 DPT=1027 LEN=465

(This is a DROP rule in the INPUT chain so there's no private source IP.)

3. Are all the logs stored in /var/log/messages?

That depends on your syslog config. Normally, I think: yes.
If you want to log more specifically, you can set up ulogd and use the ULOG target.


Gr,
Rob
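A LOG rule in the FORWARD chain writes lines in the same format Rob quotes above, so the fields you can actually recover are SRC and DST (plus ports), never the NATed public address. As an added example, not code from the thread, here is a small Python parser for such lines that counts new connections per private source, destination and port; the sample lines are constructed in the quoted format, and the "FWD-NEW:" prefix is an assumed --log-prefix value.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample: Rob's INPUT line plus two lines in the same format from an
# assumed FORWARD rule using "--log-prefix 'FWD-NEW: '" (the prefix is an assumption).
SAMPLE_LOG = """\
Jul  3 12:55:35 fw INPUT:  IN=eth0 OUT= MAC=00:a0:27:a0:6b:00:00:b0:d0:db:aa:3a:08:00  SRC=60.11.125.36 DST=1.2.3.4 LEN=485 TOS=00 PREC=0x00 TTL=40 ID=0 DF PROTO=UDP SPT=40867 DPT=1026 LEN=465
Jul  3 13:01:02 fw FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.2.56 DST=65.67.87.9 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=33122 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  3 13:01:05 fw FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.3.7 DST=65.67.87.9 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=33123 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# syslog timestamp, host, then the free-text --log-prefix, up to the first "IN=" field
HEAD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prefix>.*?)\s*(?=IN=)")
# KEY=value fields; OUT= may be empty, and bare flags such as DF or SYN carry no "="
KV_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")


def parse_line(line):
    """Split one netfilter LOG line into a dict, or return None for other syslog lines."""
    m = HEAD_RE.match(line)
    if m is None:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "prefix": m.group("prefix")}
    for kv in KV_RE.finditer(line, m.end()):
        # LEN= appears twice on UDP lines (IP header, then UDP header); keep the first
        rec.setdefault(kv.group("key"), kv.group("value"))
    return rec


def summarize_forward(log_text, prefix):
    """Count logged connections from private sources, keyed by (src, dst, proto, dport).

    Only SRC and DST are in the line; the public address used after SNAT is not."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["prefix"] != prefix:
            continue
        if not ip_address(rec["SRC"]).is_private:
            continue
        counts[(rec["SRC"], rec["DST"], rec["PROTO"], rec.get("DPT", "-"))] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, proto, dport), n in sorted(summarize_forward(SAMPLE_LOG, "FWD-NEW:").items()):
        print(f"{src:>15} -> {dst}:{dport}/{proto}  new connections: {n}")
```

Pointing it at /var/log/messages (or wherever syslog puts kernel messages) instead of SAMPLE_LOG gives the per-subnet picture Wennie asks about, minus the public IP, which would have to come from the SNAT rule itself.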
