Not a bug I think. You need to specify what to log. I don't think this rule will hit, as no parameters are specified. Try something like this: iptables -t nat -A PREROUTING -s 0.0.0.0/0 -j LOG -Sietse ________________________________ From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Martijn Lievaart Sent: Fri 21-Jul-06 19:34 To: Daniel Drake Cc: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: Struggling with NAT: is PREROUTING working at all? Daniel Drake wrote: > I took a step back and re-read the iptables man page. It says that the > nat table is consulted whenever a new connection is about to be > established, and PREROUTING is used when packets come in, so I'd > expect this rule to give me a lot of output: > > iptables -t nat -A PREROUTING -j LOG > > But, I get nothing, even when successfully establishing a new > connection from the outside to the linux system. Logging is definitely > working since I can get logs from other rules. > > No other rules are in place before this one, my script simply clears > all tables/chains, sets all policies to ACCEPT, then runs the above > command. > > Am I missing something, or PREROUTING not triggering when it should be? You may have hit a bug here. That should have worked. I never tried LOGging from prerouting, but the NAT functionality definately works. M4
