iptables: log connection after SNAT/MASQUERADE command


 
Thread Tools Search this Thread
Special Forums IP Networking iptables: log connection after SNAT/MASQUERADE command
# 1  
Old 07-19-2012
iptables: log connection after SNAT/MASQUERADE command

Hello!

I have the following problem with iptables in Debian 6:

My server works as a router and it needs to log server external IP+port for all outgoing connections.

But after command SNAT or MASQUERADE traffic is "lost".
I mean no following rules can catch those traffic.
Everything looks like SNAT/MASQUERADE is the "end" rule and it pushes traffic to network immediately.

Question:

How can I log routed connection data with server external IP and port?

---------- Post updated 19-07-12 at 12:20 PM ---------- Previous update was 18-07-12 at 10:27 PM ----------

These are rules from nat table:

-A POSTROUTING -p tcp -s 10.0.0.0/8 --syn -j MARK --set-mark 4
-A POSTROUTING -m mark --mark 4 -j LOG --log-prefix "TCPLO1 " --log-level debug
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j SNAT --to-source 12.23.34.56
-A POSTROUTING -m mark --mark 4 -j LOG --log-prefix "TCPLO2 " --log-level debug
-A POSTROUTING -p tcp --syn -j LOG --log-prefix "TCPLO3 " --log-level debug

First rule marks routed connection
second - logs marked connection but it don't contain IP and port selected by NAT.
third - executes SNAT
and next line don't log anything but should log marked connection
last line should log any connections and it logs server's own traffic and not routed connections
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

iptables : How to apply masquerade while pinging from DUT to outside network

My Device is connected to eth1 interface of the host and eth0 is connected to network. Now when I am pinging google.com from device after executing below commands on host sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE I am... (0 Replies)
Discussion started by: slathigara
0 Replies

2. UNIX for Dummies Questions & Answers

iptables conditional masquerade

Hi everyone, I have a LAN with : 1 internet box (192.168.1.1) 1 Debian host (192.168.1.224) 3 Windows hosts (192.168.1.32/33/34) The internet box is set to route all incoming traffic to the Debian host (DMZ). Then the Debian host is set to accept certain packets and forward others... (0 Replies)
Discussion started by: chebarbudo
0 Replies

3. UNIX for Dummies Questions & Answers

Nullmailer masquerade domain

I am using nullmailer on Ubuntu Linux to relay mails however when I send email or through cron it appear as root@myhostname.domain.com instead of root@domain.com How do I configure nullmailer so the email send appear as from root@domain.com? (0 Replies)
Discussion started by: hassan1
0 Replies

4. IP Networking

iptables nat/masquerade - how to act as a basic firewall?

edit: SOLVED - see below for solution Hi there, I've inherited a gob of Linux hosts and so am learning linux from the bottom of the deep end of the pool (gotta say I'm warming up to Linux though - it's not half bad) Right now iptables is confusing me and I could use some pointers as to how... (0 Replies)
Discussion started by: Smiling Dragon
0 Replies

5. UNIX for Dummies Questions & Answers

Iptables, port forwarding, 64k connection limit?

I am having an issue with iptables. My server is a RHEL6 64bit system. In my application I have a large number of connected clients ~100k to a particular service. The application works fine when iptables is off, 100k clients are able to connect. However, when I turn iptables on and add a... (1 Reply)
Discussion started by: jtipp3tt
1 Replies

6. AIX

Sendmail masquerade

I'm trying to configure sendmail masquerading and it seems like I'm having a problem with m4. My main problem is that internally generated emails are showing up externally as originating from: internal_user@internal1.mydomain.com. internal1.mydomain.com doesn't resolve publicly, nor should it.... (1 Reply)
Discussion started by: aix_user1
1 Replies

7. UNIX for Dummies Questions & Answers

Sendmail masquerade

Hi, Please tell me what is sendmail masquarade and what is the use of it? Its pretty confusing :eek:.. Is it all about like when mail is sent from sender to receiver, the receiver cannot see the hostname/internal username of sender.. And I found they constitute various classes like class... (0 Replies)
Discussion started by: Priya Amaresh
0 Replies

8. Solaris

Solaris 10 ftp connection problem (connection refused, connection timed out)

Hi everyone, I am hoping anyone of you could help me in this weird problem we have in 1 of our Solaris 10 servers. Lately, we have been having some ftp problems in this server. Though it can ping any server within the network, it seems that it can only ftp to a select few. For most servers, the... (4 Replies)
Discussion started by: labdakos
4 Replies

9. IP Networking

Ftp'ing thru a Iptables NAT Masquerade

Greetings to all. My new firewall is giving me one hell of a problem. I'm running iptables and masquerading my intranet thru NAT. But here is the problem. Whenever I try to FTP to a server outside of my lan I get a 500 illegal port error. I've come to the conclusion that NAT is... (2 Replies)
Discussion started by: phrater
2 Replies
Login or Register to Ask a Question
ARNO-IPTABLES-FIREWALL(8)												 ARNO-IPTABLES-FIREWALL(8)

NAME
arno-iptables-firewall - Single- & multi-homed firewall script with DSL/ADSL support. SYNOPSIS
/etc/init.d/arno-iptables-firewall [start|stop|status|force-reload|restart] DESCRIPTION
arno-iptables-firewall is an iptables configuration script with support for both IPv4 & IPv6. While it is extremely easy to use one can nevertheless use it in quite complicated environments. All available options are explained in the extensively documented configuration file. The external interface of the system needs to be set up properly in the firewalls configuration file (EXT_IF). The default behavior of the firewall is to deny all incoming connections. For additional requirements not covered by the configuration file custom iptables rules can be placed in /etc/arno-iptables-firewall/cus- tom-rules. This file is automatically parsed by the service script. See the README file (eg. in /usr/(local/)share/doc/arno-iptables-firewall) for an example how to manage logging of firewall events through syslogd. The arno-fwfilter script can be used to make the firewall logs more readable for humans (see manpage). Several plugins for the firewall script are available online. Plugins can be downloaded from http://rocky.eld.leidenuniv.nl/ Please see the README file for more information. FILES
/etc/init.d/arno-iptables-firewall system service script /etc/arno-iptables-firewall/firewall.conf firewall configuration /etc/arno-iptables-firewall/conf.d/ firewall configuration directory /etc/arno-iptables-firewall/custom-rules custom iptables rules /etc/arno-iptables-firewall/blocked-hosts host blacklist /etc/arno-iptables-firewall/mac-addresses mac filter list Please note, that the last two files do exist in the initial configuration and their use is disabled in /etc/arno-iptables-firewall/fire- wall.conf SEE ALSO
iptables(8), arno-fwfilter(1), syslog.conf(5) The http://rocky.eld.leidenuniv.nl/ web site. AUTHOR
arno-iptables-firewall was written by Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl>. This manual page was written by Michael Hanke <michael.hanke@gmail.com>, for the Debian project (but may be used by others). Michael Hanke March 14, 2012 ARNO-IPTABLES-FIREWALL(8)