iptables: log connection after SNAT/MASQUERADE command
Post 302673951 by unlimited on Thursday 19th of July 2012 05:20:55 AM (Special Forums > IP Networking)

Hello!

I have the following problem with iptables in Debian 6:

My server works as a router, and it needs to log the server's external IP+port for all outgoing connections.

But after the SNAT or MASQUERADE command, traffic is "lost".
I mean no following rules can catch that traffic.
Everything looks like SNAT/MASQUERADE is the "end" rule and it pushes traffic to the network immediately.

Question:

How can I log routed connection data with server external IP and port?

Post updated 19-07-12 at 12:20 PM (previous update was 18-07-12 at 10:27 PM)

These are the rules from the nat table:

-A POSTROUTING -p tcp -s 10.0.0.0/8 --syn -j MARK --set-mark 4
-A POSTROUTING -m mark --mark 4 -j LOG --log-prefix "TCPLO1 " --log-level debug
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j SNAT --to-source 12.23.34.56
-A POSTROUTING -m mark --mark 4 -j LOG --log-prefix "TCPLO2 " --log-level debug
-A POSTROUTING -p tcp --syn -j LOG --log-prefix "TCPLO3 " --log-level debug

The first rule marks the routed connection;
the second logs the marked connection, but it doesn't contain the IP and port selected by NAT;
the third executes SNAT;
the next line doesn't log anything, but should log the marked connection;
the last line should log any connection, and it logs the server's own traffic but not the routed connections.
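
An added example, not part of the original post, showing the usual way around this: the nat table sees only the first packet of each connection, SNAT/MASQUERADE end chain traversal and the rewrite is applied afterwards, so no later iptables rule sees the translated source on the way out, but the connection-tracking table does, in the reply tuple of each entry. The script below parses constructed conntrack -E -e NEW event lines (on a live router the real event stream would be piped in instead) and prints, per routed connection, the internal source, the external IP and port chosen by NAT, and the destination; the 10.0.0.0/8 prefix and the 12.23.34.56 address are taken from the post.

```shell
#!/bin/sh
# Constructed sample of `conntrack -E -e NEW` output (not a real capture).
# Each event carries two tuples: the original direction, then the reply
# direction. The reply tuple's dst/dport is the SNATed external address
# and port that the remote peer actually sees. The port is normally kept
# (first line) but may be remapped when it collides (second line).
SAMPLE_EVENTS='    [NEW] tcp      6 120 SYN_SENT src=10.0.0.5 dst=93.184.216.34 sport=51234 dport=80 [UNREPLIED] src=93.184.216.34 dst=12.23.34.56 sport=80 dport=51234
    [NEW] udp      17 30 src=10.1.2.3 dst=8.8.8.8 sport=40000 dport=53 [UNREPLIED] src=8.8.8.8 dst=12.23.34.56 sport=53 dport=1024
    [NEW] tcp      6 120 SYN_SENT src=12.23.34.56 dst=93.184.216.34 sport=33000 dport=443 [UNREPLIED] src=93.184.216.34 dst=12.23.34.56 sport=443 dport=33000'

# nat_log: reads conntrack NEW events on stdin and prints one line per
# routed connection: proto internal:port -> external:port -> remote:port.
# Events whose original source is not in 10.0.0.0/8 (the router's own
# traffic, as in the third sample line) are skipped.
nat_log() {
    awk '
    /\[NEW\]/ {
        n = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src") { n++; src[n] = kv[2] }
            else if (kv[1] == "dst") dst[n] = kv[2]
            else if (kv[1] == "sport") sport[n] = kv[2]
            else if (kv[1] == "dport") dport[n] = kv[2]
        }
        # Tuple 1 = original direction, tuple 2 = reply direction.
        if (n < 2 || src[1] !~ /^10\./) next
        printf "%s %s:%s -> %s:%s -> %s:%s\n", $2,
               src[1], sport[1], dst[2], dport[2], dst[1], dport[1]
    }'
}

# On the router itself (conntrack-tools installed) this would be:
#   conntrack -E -e NEW | nat_log >> /var/log/nat-connections.log
printf '%s\n' "$SAMPLE_EVENTS" | nat_log
```

Only the first packet of a connection raises a NEW event, so this logs each routed connection once, which matches the --syn intent of the rules above.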
 

YAZ-LOG(7)                    Conventions and miscellaneous                    YAZ-LOG(7)

NAME
       yaz-log - Log handling in all yaz-based programs

SYNOPSIS
       yaz-XXXX [-v loglevel,...] [-l logfile]

DESCRIPTION
       All YAZ-based programs use a common log subsystem, and should support common command line options for controlling it. This man page documents those.

OPTIONS
       -l logfile
              Specify the file where the log is to be written. If none is specified, stderr is used. The log is appended to this file. If the file grows overly large, it is silently rotated: it is renamed to logfile.1, logfile.2, ..., logfile.9 (the oldest such file is deleted), and a new file is opened. The limit defaults to 1GB, but can be set by the program. The rotating limit can be specified with option -r for the YAZ frontend server (yaz-ztest). Rotation can also be implicitly enabled by using a filename which changes for a given date, due to substitutions as given by the strftime(3) function.

       -v loglevel
              Specify the logging level. The argument is a set of log level names, separated by commas (no whitespace!), optionally preceded by a '-' to negate that level. Most programs have their own default, often containing fatal,warn,log, and some application-specific values. The default list can be cleared with the word none, or individual bits can be removed by prefixing them with a dash '-'.

LOG LEVELS TO CONTROL LOGGING
       Some of the log levels control the way the log is written.

       flush  causes the log to be flushed after every write. This can have serious implications for performance, and should not be used in production. On the other hand, when debugging a program crash, this can be extremely useful. The option debug implies flush as well.

       notime prevents the writing of time stamps. This is intended for automatic test scripts, which should produce predictable log files that are easy to compare.

GENERAL LOG LEVELS IN YAZ ITSELF
       YAZ itself uses the following log levels:

       fatal  for fatal errors that prevent further execution of the program.

       warn   for warnings about things that should be corrected.

       debug  for debugging. This flag may be used temporarily when developing or debugging yaz, or a program that uses yaz. It is practically deprecated; you should be defining and using your own log levels (see below).

       all    turns on almost all hard-coded log levels.

       loglevel
              logs information about the log levels used by the program. Every time the log level is changed, lists all bits that are on. Every time a module asks for its log bits, this is logged. This can be used for getting an idea of what log levels are available in any program that uses yaz-log. Start the program with -v none,loglevel, and do some common operations with it. Another way is to grep for yaz_log_module_level in the source code, as in

                  find . -name '*.[ch]' -print | xargs grep yaz_log_module_level | grep '"' | cut -d'"' -f2 | sort -u

       eventl, malloc, nmem, odr
              are used internally for debugging yaz.

LOG LEVELS FOR CLIENTS
       zoom   logs the calls to the zoom API, which may be useful in debugging client applications.

LOG LEVELS FOR SERVERS
       server logs the server functions on a high level: starting up, listening on a port, etc.

       session
              logs individual sessions (connections).

       request
              logs a one-liner for each request (init, search, etc).

       requestdetail
              logs the details of every request, before it is passed to the back-end, and the results received from it.

       Each server program (zebra, etc) is supposed to define its own log levels in addition to these. As they depend on the server in question, they cannot be described here. See above how to find out about them.

LOGGING EXAMPLES
       See what log levels yaz-ztest is using:

           yaz-ztest -1 -v none,loglevel
           14:43:29-23/11 [loglevel] Setting log level to 4096 = 0x00001000
           14:43:29-23/11 [loglevel] Static log bit 00000001 'fatal' is off
           14:43:29-23/11 [loglevel] Static log bit 00000002 'debug' is off
           14:43:29-23/11 [loglevel] Static log bit 00000004 'warn' is off
           14:43:29-23/11 [loglevel] Static log bit 00000008 'log' is off
           14:43:29-23/11 [loglevel] Static log bit 00000080 'malloc' is off
           14:43:29-23/11 [loglevel] Static log bit 00000800 'flush' is off
           14:43:29-23/11 [loglevel] Static log bit 00001000 'loglevel' is ON
           14:43:29-23/11 [loglevel] Static log bit 00002000 'server' is off
           14:43:29-23/11 [loglevel] Dynamic log bit 00004000 'session' is off
           14:43:29-23/11 [loglevel] Dynamic log bit 00008000 'request' is off
           14:44:13-23/11 yaz-ztest [loglevel] returning log bit 0x4000 for 'session'
           14:44:13-23/11 yaz-ztest [loglevel] returning log bit 0x2000 for 'server'
           14:44:13-23/11 yaz-ztest [loglevel] returning NO log bit for 'eventl'
           14:44:20-23/11 yaz-ztest [loglevel] returning log bit 0x4000 for 'session'
           14:44:20-23/11 yaz-ztest [loglevel] returning log bit 0x8000 for 'request'
           14:44:20-23/11 yaz-ztest [loglevel] returning NO log bit for 'requestdetail'
           14:44:20-23/11 yaz-ztest [loglevel] returning NO log bit for 'odr'
           14:44:20-23/11 yaz-ztest [loglevel] returning NO log bit for 'ztest'

       See the details of the requests for yaz-ztest:

           ./yaz-ztest -1 -v requestdetail
           14:45:35-23/11 yaz-ztest [server] Adding static Z3950 listener on tcp:@:9999
           14:45:35-23/11 yaz-ztest [server] Starting server ./yaz-ztest pid=32200
           14:45:38-23/11 yaz-ztest [session] Starting session from tcp:127.0.0.1 (pid=32200)
           14:45:38-23/11 yaz-ztest [requestdetail] Got initRequest
           14:45:38-23/11 yaz-ztest [requestdetail] Id: 81
           14:45:38-23/11 yaz-ztest [requestdetail] Name: YAZ
           14:45:38-23/11 yaz-ztest [requestdetail] Version: 2.0.28
           14:45:38-23/11 yaz-ztest [requestdetail] Negotiated to v3: srch prst del extendedServices namedresults scan sort
           14:45:38-23/11 yaz-ztest [request] Init from 'YAZ' (81) (ver 2.0.28) OK
           14:45:39-23/11 yaz-ztest [requestdetail] Got SearchRequest.
           14:45:39-23/11 yaz-ztest [requestdetail] ResultSet '1'
           14:45:39-23/11 yaz-ztest [requestdetail] Database 'Default'
           14:45:39-23/11 yaz-ztest [requestdetail] RPN query. Type: Bib-1
           14:45:39-23/11 yaz-ztest [requestdetail] term 'foo' (general)
           14:45:39-23/11 yaz-ztest [requestdetail] resultCount: 7
           14:45:39-23/11 yaz-ztest [request] Search Z: @attrset Bib-1 foo OK:7 hits
           14:45:41-23/11 yaz-ztest [requestdetail] Got PresentRequest.
           14:45:41-23/11 yaz-ztest [requestdetail] Request to pack 1+1 1
           14:45:41-23/11 yaz-ztest [requestdetail] pms=1048576, mrs=1048576
           14:45:41-23/11 yaz-ztest [request] Present: [1] 1+1 OK 1 records returned

LOG FILENAME EXAMPLES
       A file with the format my_YYYYMMDD.log, where Y, M and D are year, month and day digits, is given as follows: -l my_%Y%m%d.log. Since the filename depends on the day, rotation will occur at midnight. A weekly log could be specified as -l my_%Y%U.log.

FILES
       prefix/include/yaz/log.h
       prefix/src/log.c

SEE ALSO
       yaz(7) yaz-ztest(8) yaz-client(1) strftime(3)

YAZ 4.2.30                              04/16/2012                              YAZ-LOG(7)