On Mon, 2011-08-22 at 20:40 +0530, TEJAS wrote:
> Hi All,
>
> I am new to iptables. I wrote certain iptables rules for my internal
> network; I wrote rules for SNAT for internet sharing and some others
> for configuring some restrictions. It is working fine. But I want to
> debug these rules in live motion. I want to see what is happening with
> packets while they traverse the iptables rules.
>
> Is there any method or any tool or anything to see what is happening in
> the SNAT rule and what is happening in the other iptables rules?

You can use the LOG target to log messages to syslog (probably
/var/log/messages). Basic example, really, when accepting SSH packets
(beware of wrapping):

$ipt -A INPUT -p tcp --dport 22 -j LOG --log-level info --log-prefix "INPUT: SSH: "
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT

[...more rules...and then at the end of your ruleset...]

$ipt -A INPUT -j LOG --log-level info --log-prefix "INPUT: DROPPED: "
$ipt -A INPUT -j DROP

(or use the chain policy to do this)

-- 
Rob
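
To read what the LOG rules in the reply above produce, the following added example (not part of the original message) groups syslog lines by their --log-prefix, source address and protocol/port. The function names, the hostname "gw" and every log line are constructed for illustration; the lines follow the kernel's LOG-target format.

```shell
#!/bin/sh
# Added example: summarise kernel LOG-target lines by --log-prefix.

# Constructed sample in the syslog format the LOG target produces
# (hostname "gw" and all addresses are made up, from documentation ranges).
sample_log() {
cat <<'EOF'
Aug 22 20:41:03 gw kernel: [ 1201.100001] INPUT: SSH: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 22 20:41:03 gw kernel: [ 1201.140002] INPUT: SSH: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug 22 20:41:05 gw sshd[812]: Server listening on 0.0.0.0 port 22.
Aug 22 20:41:09 gw kernel: [ 1207.300003] INPUT: DROPPED: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 22 20:41:10 gw kernel: [ 1208.300004] INPUT: DROPPED: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54322 PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 22 20:41:11 gw kernel: [ 1209.300005] INPUT: DROPPED: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54323 PROTO=TCP SPT=40003 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 22 20:41:12 gw kernel: [ 1210.300006] INPUT: DROPPED: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:04:08:00 SRC=203.0.113.5 DST=192.0.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=911 PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 22 20:41:13 gw kernel: INPUT: DROPPED: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:04:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2211 SEQ=1
EOF
}

# Read syslog lines on stdin; print "count<TAB>prefix<TAB>SRC<TAB>PROTO/DPT".
fw_log_summary() {
  awk '
    # LOG-target lines carry "IN=<iface> OUT=" directly after the prefix;
    # anything without it (other daemons, other kernel messages) is skipped.
    match($0, /IN=[^ ]* OUT=/) {
      head = substr($0, 1, RSTART - 1)
      rest = substr($0, RSTART)
      k = index(head, "kernel: ")
      if (k == 0) next
      prefix = substr(head, k + 8)
      sub(/^\[[ 0-9.]+\] /, "", prefix)   # optional kernel timestamp
      sub(/ +$/, "", prefix)              # trailing space of the prefix
      if (prefix == "") prefix = "(no prefix)"
      src = "-"; proto = "-"; dpt = "-"   # ICMP has no DPT field
      n = split(rest, f, " ")
      for (i = 1; i <= n; i++) {
        if (f[i] ~ /^SRC=/)   src   = substr(f[i], 5)
        if (f[i] ~ /^PROTO=/) proto = substr(f[i], 7)
        if (f[i] ~ /^DPT=/)   dpt   = substr(f[i], 5)
      }
      seen[prefix "\t" src "\t" proto "/" dpt]++
    }
    END { for (key in seen) printf "%d\t%s\n", seen[key], key }
  ' | sort -rn
}

sample_log | fw_log_summary
```

The SSH LOG rule has no state match, so it logs every packet to port 22 and the counts are per packet, not per connection. On a live system, feed the function from the syslog file instead of `sample_log`.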