Hello,
I want to implement a one-to-one mapping of IP addresses using
iptables, with logging.
Network is as follows:
-----192.168.1.0/24-----FIREWALL(IPTABLES)-----192.168.4.0/24
     (Net-I)[eth0]                             (Net-II)[eth1]
I want each IP in Net-I, when it goes out through the firewall, to take
an IP from Net-II. I think the following rule is sufficient for that.
Rule-I
# iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.1/32 -j SNAT --to-source 192.168.4.1
Note: I want it to be static mapping.
Now, I also want to enable logging for Net-I (192.168.1.0/24), i.e.
keep track of who is doing what.
Will the following rule set work if I put it in place of Rule-I?
# iptables -t nat -N LOG-TCP
# iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.1/32 -m state --state NEW -j LOG-TCP
# iptables -t nat -A LOG-TCP -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-TCP-CONNECTIONS]:"
# iptables -t nat -A LOG-TCP -o eth1 -j SNAT --to-source 192.168.1.4
Any suggestions?
Thanks and regards,
baruah
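The static one-to-one SNAT with a logging chain, generalized to every host on Net-I, as an added example that is not part of the original post. It assumes the interfaces and networks from the post (eth0 = 192.168.1.0/24, eth1 = 192.168.4.0/24) and maps host N on Net-I to host N on Net-II; the functions only print the iptables commands so the rule set can be reviewed before it is run on the firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Generates nat-table rules
# for a static 1:1 SNAT mapping with a per-host LOG chain.
INSIDE_NET=192.168.1    # Net-I (eth0), assumed from the post
OUTSIDE_NET=192.168.4   # Net-II (eth1), assumed from the post
OUT_IF=eth1

# Print (not run) the rules for inside host $1 (last octet).
# Every command carries "-t nat": the LOG chain has to live in the same
# table as the POSTROUTING rule that jumps to it.
snat_rules_for_host() {
    n=$1
    chain="LOG-SNAT-$n"
    printf 'iptables -t nat -N %s\n' "$chain"
    # LOG is a non-terminating target, so the SNAT rule after it still runs.
    printf 'iptables -t nat -A %s -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-%s.%s]: "\n' \
        "$chain" "$INSIDE_NET" "$n"
    # SNAT needs "-j SNAT --to-source", not "-SNAT -to".
    printf 'iptables -t nat -A %s -j SNAT --to-source %s.%s\n' \
        "$chain" "$OUTSIDE_NET" "$n"
    # Only the first packet of a connection traverses the nat table, so
    # this already logs once per new connection without a state match.
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s.%s/32 -j %s\n' \
        "$OUT_IF" "$INSIDE_NET" "$n" "$chain"
}

# Emit the rules for a whole host range, e.g. 1 254.
snat_rules_for_range() {
    i=$1
    while [ "$i" -le "$2" ]; do
        snat_rules_for_host "$i"
        i=$((i + 1))
    done
}

# Usage on the firewall, after reviewing the output:
#   snat_rules_for_range 1 254 | sh
```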