jack <(E-Mail Removed)> wrote in message news:<ce6i8k$a73$07$(E-Mail Removed)>...
> Enrique Arizón Benito wrote:
> > Hi, I successfully setup a NAT. Behind it I have a web server listening
> > in the 192.168.0.100:8080 port to which I forward external web
> > connections with next iptables command:
> >
> > $IPTABLES -t nat -A PREROUTING --destination $IP_WAN -p tcp --dport 80
> > --jump DNAT --to 192.168.0.100:8080
> >
> > My doubt is next:
> >
> > Is it possible to log external clients connecting to the Web server?
>
> Easily so.
>
> You actually have two ways to achieve this: Firstly, You can add a rule
> exactly as Yours above, but with the LOG target, just before the DNAT
> one. Then, those connections will be logged by iptables on Your router.
>
> Secondly, You can make Your web server log connections.
>
>
> Cheers, Jack.
Thanks, I didn't know about the LOG target. I probed and it worked
flawlessly.
(P.S: The problem with the web server logging was that now external
clients appear as 192.168.0.1 connections, but internal clients also
access indirectly the web server through squid that is located in the
same NAT server since many times people forget to check the "disable
proxy for internal address" in their web browser).
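
The LOG-before-DNAT setup Jack describes, as an added example that is not part of either post. `$IPTABLES` and `$IP_WAN` are the variables from the original command; the `WEB-IN: ` log prefix, the function names and the sample log lines are assumptions constructed here.

```shell
#!/bin/sh
# Added example, not code from the thread. The "WEB-IN: " prefix is an assumed label.

# LOG rule with the same match as the DNAT rule, appended before it.
# Only the first packet of a connection traverses the nat table, so each
# external connection produces one log line. If the DNAT rule is already
# loaded, use -I instead of -A so the LOG rule lands ahead of it.
install_rules() {
    $IPTABLES -t nat -A PREROUTING --destination "$IP_WAN" -p tcp --dport 80 \
        --jump LOG --log-prefix "WEB-IN: "
    $IPTABLES -t nat -A PREROUTING --destination "$IP_WAN" -p tcp --dport 80 \
        --jump DNAT --to 192.168.0.100:8080
}

# Read kernel log lines on stdin and print "count source-ip" for every
# WEB-IN entry, busiest client first.
summarize_clients() {
    awk '/WEB-IN: / {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Constructed sample lines in the layout the LOG target writes to the kernel log.
sample_log() {
cat <<'EOF'
Jul 28 10:01:02 gw kernel: WEB-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 28 10:01:09 gw kernel: WEB-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1177 DF PROTO=TCP SPT=51820 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 28 10:01:15 gw kernel: eth1: link up
Jul 28 10:02:40 gw kernel: WEB-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4399 DF PROTO=TCP SPT=40120 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Demonstration on the constructed sample; on the router, feed the real
# kernel log to summarize_clients instead.
sample_log | summarize_clients
```

Because the LOG rule sits in PREROUTING ahead of the DNAT, the logged `SRC=` is the external client's address and `DPT=` is still 80.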