On May 18 2007 20:15, Craig Bernstein wrote:
>
> I can't believe this isn't a FAQ; I apologize if I missed something in
> my searches.
>
> Is there a way to log connections along with all of their NAT translation
> data?

iptables -t nat -N yes_do_me_1
iptables -t nat -A yes_do_me_1 -j LOG ...
iptables -t nat -A yes_do_me_1 -j SNAT ...
iptables -t nat -A POSTROUTING -s 134.76.0.0/16 -d whatever -p tcp -j yes_do_me_1

Or you could use `conntrack -E`... or conntrack -L for a momentary state.

>
> I am using a Debian (Sarge) system to SNAT guest users from private
> address space to the Internet, and I need to keep a record that
> includes both their internal and external addresses.
>
> Simply logging before the SNAT rule leaves out the external address,
> leaving me only with the original RFC1918 source address.
> /proc/net/ip_conntrack has the information I need, but no way to send
> it to the log at the beginning and/or end of the session.
>
> There HAS to be an easy way to do this! Right?
>
> Thank you...
>
> --
> ...Craig
>

Jan
--
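
The `conntrack -E` route suggested in the reply can produce the record asked for in the question, with the internal and external address on one line at session start and end. The script below is an added example, not part of the original thread: `nat_records` and `demo` are hypothetical names, the sample events are constructed with documentation addresses, and the key=value layout of the event lines is assumed to match the text output of conntrack-tools.

```shell
#!/bin/sh
# Added example: turn `conntrack -E` event lines into one NAT record per event.
# Assumed layout: event tag, protocol, then the original tuple followed by
# the reply tuple, each as src= dst= sport= dport= fields (tcp/udp).

nat_records() {
    awk '
    {
        event = ""; proto = ""; n = 0
        split("", o); split("", r)            # clear per-line tuples
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\[(NEW|UPDATE|DESTROY)\]$/) {
                event = $i; proto = $(i + 1); continue
            }
            eq = index($i, "=")
            if (eq == 0) continue             # state names, [ASSURED], etc.
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            if (k == "src") n++               # each src= starts a new tuple
            if (n == 1) o[k] = v
            else if (n == 2) r[k] = v
        }
        if (event == "" || n < 2) next        # not an event line we understand
        event = substr(event, 2, length(event) - 2)
        # Source NAT shows up as a reply destination that differs from the
        # original source; untranslated flows are skipped.
        if (r["dst"] == o["src"] && r["dport"] == o["sport"]) next
        printf "%s %s %s:%s -> %s:%s snat=%s:%s\n", event, proto, \
            o["src"], o["sport"], o["dst"], o["dport"], r["dst"], r["dport"]
    }'
}

# Constructed sample events (documentation addresses, not from a real system).
# The third flow originates on the gateway itself and is not translated.
SAMPLE_EVENTS='    [NEW] tcp      6 120 SYN_SENT src=10.0.0.23 dst=198.51.100.7 sport=40112 dport=443 [UNREPLIED] src=198.51.100.7 dst=203.0.113.5 sport=443 dport=40112
[DESTROY] tcp      6 src=10.0.0.23 dst=198.51.100.7 sport=40112 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=40112 [ASSURED]
    [NEW] udp      17 30 src=203.0.113.5 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.5 sport=53 dport=5353'

demo() { printf '%s\n' "$SAMPLE_EVENTS" | nat_records; }

demo
```

On a live gateway the function would read from the event stream instead of the sample, for example `conntrack -E -e NEW,DESTROY | nat_records | logger -t nat`.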