Hello,

On Wednesday, 2008 June 11 at 10:25:07 -0400, Alan Stern wrote:
> Is there any setting in the kernel or in iptables that will enable
> generation of a log of all SNAT mappings as they are created? The log
> should include the original source [IP, protocol, port] plus the mapped
> [IP, port].

You can use ulogd2 to achieve this. It can take netfilter_conntrack as
input and store the event in a database or files. The software is in a
pre-rc state but it is working fine for me.

URLs:
 * Homepage: http://www.netfilter.org/projects/ulogd/index.html
 * user doc: http://software.inl.fr/trac/wiki/ulogd2/user
 * tutorial: http://www.wzdftpd.net/blog/index.php?2008/04/05/19-ulogd2-the-new-userspace-logging-daemon-for-netfilter-iptables-part-2
 * devel doc: http://home.regit.org/?page_id=90

BR,
-- 
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/
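
Added example, not part of the message above and not code from ulogd2: a conntrack NEW event carries both the original and the reply tuple, so the SNAT mapping asked about in the quoted question can be read from the reply tuple's destination. The sketch assumes the text format printed by `conntrack -E -e NEW` from conntrack-tools; the sample lines and the `snat_mappings` helper are constructed for illustration.

```python
import re

# Constructed sample events (documentation/private address ranges).
SAMPLE_EVENTS = """\
    [NEW] tcp      6 120 SYN_SENT src=192.168.1.10 dst=198.51.100.20 sport=51514 dport=443 [UNREPLIED] src=198.51.100.20 dst=203.0.113.7 sport=443 dport=51514
    [NEW] udp      17 30 src=192.168.1.11 dst=198.51.100.53 sport=51514 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.7 sport=53 dport=1024
    [NEW] tcp      6 120 SYN_SENT src=203.0.113.7 dst=198.51.100.20 sport=40000 dport=80 [UNREPLIED] src=198.51.100.20 dst=203.0.113.7 sport=80 dport=40000
 [DESTROY] tcp      6 src=192.168.1.10 dst=198.51.100.20 sport=51514 dport=443 src=198.51.100.20 dst=203.0.113.7 sport=443 dport=51514
"""

# "[NEW] <proto name> <proto number> ..." at the start of an event line.
_PROTO = re.compile(r"^\s*\[NEW\]\s+(\w+)\s+\d+\s")
# One address/port tuple; a TCP or UDP event line contains two of them.
_TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def snat_mappings(text):
    """Return (proto, orig_ip, orig_port, mapped_ip, mapped_port) per SNATed flow."""
    found = []
    for line in text.splitlines():
        head = _PROTO.match(line)
        tuples = _TUPLE.findall(line)
        if not head or len(tuples) != 2:
            continue  # not a NEW event, or a protocol without ports (e.g. ICMP)
        (src, _dst, sport, _dport), (_rsrc, rdst, _rsport, rdport) = tuples
        original = (src, int(sport))
        # Replies are addressed to the post-SNAT source, so the reply
        # tuple's dst/dport is the mapped [IP, port].
        mapped = (rdst, int(rdport))
        if mapped != original:  # unchanged source means no SNAT was applied
            found.append((head.group(1), *original, *mapped))
    return found


if __name__ == "__main__":
    for proto, ip, port, mip, mport in snat_mappings(SAMPLE_EVENTS):
        print(f"{proto} {ip}:{port} -> {mip}:{mport}")
```

DNAT changes the reply tuple's source rather than its destination, so a DNAT-only flow is not reported by this check.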