07-19-2012
iptables: log connection after SNAT/MASQUERADE command
Hello!
I have the following problem with iptables in Debian 6:
My server works as a router and it needs to log the server's external IP+port for all outgoing connections.
But after the SNAT or MASQUERADE command, traffic is "lost".
I mean no following rules can catch that traffic.
It looks like SNAT/MASQUERADE is the "end" rule and it pushes traffic to the network immediately.
Question:
How can I log routed connection data with server external IP and port?
---------- Post updated 19-07-12 at 12:20 PM ---------- Previous update was 18-07-12 at 10:27 PM ----------
These are rules from nat table:
-A POSTROUTING -p tcp -s 10.0.0.0/8 --syn -j MARK --set-mark 4
-A POSTROUTING -m mark --mark 4 -j LOG --log-prefix "TCPLO1 " --log-level debug
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j SNAT --to-source 12.23.34.56
-A POSTROUTING -m mark --mark 4 -j LOG --log-prefix "TCPLO2 " --log-level debug
-A POSTROUTING -p tcp --syn -j LOG --log-prefix "TCPLO3 " --log-level debug
The first rule marks routed connections;
the second logs marked connections, but the log doesn't contain the IP and port selected by NAT;
the third executes SNAT;
the next line doesn't log anything, but it should log marked connections;
the last line should log any connection, and it logs the server's own traffic and not routed connections.
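Added example, not from the original post or any reply: the nat table is consulted only for the first packet of a connection and SNAT/MASQUERADE are terminating targets, so a LOG rule placed after them in nat POSTROUTING never fires for that packet, but the address and port NAT picked are recorded in the connection tracking table and show up in the reply tuple of `conntrack -E -e NEW` event lines. The Python below parses such lines into the internal, external (post-NAT) and remote endpoints; the sample lines are constructed and the event format is assumed from conntrack-tools.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of `conntrack -E -e NEW` output (format as assumed from
# conntrack-tools; addresses and ports are made up). The second src=/dst= group
# is the reply direction: its dst=/dport= are the external IP and port that
# SNAT/MASQUERADE chose for the connection.
SAMPLE_EVENTS = """\
[NEW] tcp      6 120 SYN_SENT src=10.0.0.5 dst=93.184.216.34 sport=40000 dport=80 [UNREPLIED] src=93.184.216.34 dst=12.23.34.56 sport=80 dport=40000
[NEW] udp      17 30 src=10.0.1.9 dst=8.8.8.8 sport=53124 dport=53 [UNREPLIED] src=8.8.8.8 dst=12.23.34.56 sport=53 dport=1029
[NEW] tcp      6 120 SYN_SENT src=12.23.34.56 dst=203.0.113.7 sport=51000 dport=22 [UNREPLIED] src=203.0.113.7 dst=12.23.34.56 sport=22 dport=51000
"""

EVENT_RE = re.compile(r"^\[(\w+)\]\s+(\w+)")
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Endpoints of one NAT'd conntrack event; None if malformed or not NAT'd."""
    m = EVENT_RE.match(line)
    tuples = TUPLE_RE.findall(line)
    if not m or len(tuples) != 2:
        return None
    (osrc, odst, osport, odport), (_, rdst, _, rdport) = tuples
    # Without NAT the reply dst/dport equal the original src/sport; a
    # difference is the rewrite done by SNAT/MASQUERADE.
    if rdst == osrc and rdport == osport:
        return None
    return {
        "event": m.group(1),
        "proto": m.group(2),
        "internal": f"{osrc}:{osport}",
        "external": f"{rdst}:{rdport}",
        "remote": f"{odst}:{odport}",
    }


def nat_log_lines(events: str) -> List[str]:
    """One line per NAT'd NEW connection, carrying the post-NAT IP and port."""
    out = []
    for line in events.splitlines():
        rec = parse_event(line)
        if rec and rec["event"] == "NEW":
            out.append(f"NATLOG {rec['proto']} {rec['internal']} -> "
                       f"{rec['external']} -> {rec['remote']}")
    return out


if __name__ == "__main__":
    # The router's own SSH connection (third line) is dropped: no NAT applied.
    for entry in nat_log_lines(SAMPLE_EVENTS):
        print(entry)
```

On the router itself the events would be piped in from `conntrack -E -e NEW` (conntrack-tools package) in place of SAMPLE_EVENTS, which also drops the router's own traffic that the TCPLO3 rule above was catching.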
ncpd(8) System administration commands ncpd(8)
NAME
ncpd - Daemon which handles the serial link to a Psion
SYNOPSIS
ncpd [-V] [-h] [-v log-class] [-d] [-e] [-p [host:]port] [-s device] [-b baud-rate] [long-options]
DESCRIPTION
ncpd is the daemon which handles the serial link to your Psion. It listens at port 7501 for local connections and provides basic PLP/NCP
services for plpfuse, plpftp and other front-ends. It auto-connects to the Psion, even after unplugging or switching it off, so it can
run all the time if you can dedicate a serial device to it.
OPTIONS
-V, --version
Display the version and exit.
-h, --help
Display a short help text and exit.
-e, --autoexit
Exit automatically if the device is disconnected. Furthermore, use the current tty as I/O device. This option is intended for
starting ncpd on demand using mgetty's auto-detect function. (A patch for mgetty is needed for that.)
-v, --verbose=log-class
Increase the logging level of the program. The possible values for log-class are:
nl Set NCP debug level to LOG
nd Set NCP debug level to DEBUG
ll Set Link debug level to LOG
ld Set Link debug level to DEBUG
pl Set Packet debug level to LOG
pd Set Packet debug level to DEBUG
ph Set Packet debug level to HANDSHAKE
m Set overall debug level to verbose
all Turn on all of the above logging.
-d, --dontfork
Do not background the daemon.
-p, --port=[host:]port
Specify the port to listen on. By default the host is 127.0.0.1 and the port is looked up in /etc/services using the key
psion/tcp. If it is not found there, a default value of 7501 is used.
-s, --serial=device
Specify the serial device to use to connect to the Psion; this defaults to /dev/ttyS0.
-b, --baudrate=baud-rate
Specify the baud rate to use for the serial connection. If the word auto is specified, ncpd cycles through baud rates of 115200,
57600, 38400, 19200 and 9600 baud. The default setting is auto.
SEE ALSO
plpfuse(8), plpprintd(8), plpftp(1), sisinstall(1)
AUTHOR
Fritz Elfert
Heavily based on p3nfsd by Rudolf Koenig (rfkoenig@immd4.informatik.uni-erlangen.de) and plp_1_7 by Philip Proudman
(phil@proudman51.freeserve.co.uk)
Patches from Matt Gumbley (matt@gumbley.demon.co.uk)
Man page by John Lines (john+plpman@paladin.demon.co.uk)
plptools 1.0.9 2008/03/13 ncpd(8)