#1
Hi, I successfully set up a NAT. Behind it I have a web server listening
on the 192.168.0.100:8080 port to which I forward external web connections with the following iptables command:

$IPTABLES -t nat -A PREROUTING --destination $IP_WAN -p tcp --dport 80 --jump DNAT --to 192.168.0.100:8080

My doubt is the following:

Is it possible to log external clients connecting to the Web server?

Thanks in advance for any help!

Enrique Arizón Benito
#2
Enrique Arizón Benito wrote:
> Hi, I successfully set up a NAT. Behind it I have a web server listening
> on the 192.168.0.100:8080 port to which I forward external web
> connections with the following iptables command:
>
> $IPTABLES -t nat -A PREROUTING --destination $IP_WAN -p tcp --dport 80
> --jump DNAT --to 192.168.0.100:8080
>
> My doubt is the following:
>
> Is it possible to log external clients connecting to the Web server?

Easily so.

You actually have two ways to achieve this: Firstly, You can add a rule
exactly as Yours above, but with the LOG target, just before the DNAT
one. Then, those connections will be logged by iptables on Your router.

Secondly, You can make Your web server log connections.

Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
#3
jack <(E-Mail Removed)> wrote in message news:<ce6i8k$a73$07$(E-Mail Removed)>...
> Enrique Arizón Benito wrote:
> > Hi, I successfully set up a NAT. Behind it I have a web server listening
> > on the 192.168.0.100:8080 port to which I forward external web
> > connections with the following iptables command:
> >
> > $IPTABLES -t nat -A PREROUTING --destination $IP_WAN -p tcp --dport 80
> > --jump DNAT --to 192.168.0.100:8080
> >
> > My doubt is the following:
> >
> > Is it possible to log external clients connecting to the Web server?
>
> Easily so.
>
> You actually have two ways to achieve this: Firstly, You can add a rule
> exactly as Yours above, but with the LOG target, just before the DNAT
> one. Then, those connections will be logged by iptables on Your router.
>
> Secondly, You can make Your web server log connections.
>
>
> Cheers, Jack.

Thanks, I didn't know about the LOG target. I probed and it worked flawlessly.

(P.S.: The problem with the web server logging was that now external clients appear as 192.168.0.1 connections, but internal clients also indirectly access the web server through squid, which is located on the same NAT server, since many times people forget to check the "disable proxy for internal address" option in their web browser.)
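
The first suggestion from the thread (a LOG rule placed just before the DNAT rule), written out as an added example that is not part of any poster's message, together with a small filter that turns the resulting kernel log lines into a per-client count. The log prefix `WEB-IN: `, the rate limit values, the WAN address `198.51.100.1` and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Dry run by default: commands are printed, not applied.
# Set IPTABLES=/sbin/iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"
IP_WAN="${IP_WAN:-198.51.100.1}"   # placeholder address (documentation range)
LOG_PREFIX="WEB-IN: "              # assumed prefix, used to find the lines later

# LOG is non-terminating, DNAT is terminating, so LOG has to come first.
# The nat table sees only the first packet of a connection: one log line
# per connection. The limit match caps log volume; connections over the
# limit are still forwarded by the DNAT rule, just not logged.
add_rules() {
    $IPTABLES -t nat -A PREROUTING --destination "$IP_WAN" -p tcp --dport 80 \
        -m limit --limit 20/second --limit-burst 40 \
        --jump LOG --log-prefix "$LOG_PREFIX" --log-level info
    $IPTABLES -t nat -A PREROUTING --destination "$IP_WAN" -p tcp --dport 80 \
        --jump DNAT --to 192.168.0.100:8080
}

# Read kernel log lines on stdin and print "count source-ip" per client,
# busiest first. Lines without the prefix are ignored.
external_clients() {
    grep -F "$LOG_PREFIX" |
        sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample of what the LOG target writes to the kernel log.
sample_log() {
    cat <<'EOF'
Jul 27 10:01:02 router kernel: WEB-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=80 SYN
Jul 27 10:01:05 router kernel: WEB-IN: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.1 LEN=60 TTL=49 PROTO=TCP SPT=51520 DPT=80 SYN
Jul 27 10:01:09 router kernel: SSH-IN: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.1 LEN=60 TTL=50 PROTO=TCP SPT=40200 DPT=22 SYN
Jul 27 10:02:11 router kernel: WEB-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40117 DPT=80 SYN
EOF
}

add_rules
sample_log | external_clients
```

Because the rule sits in PREROUTING, the logged SRC is the client's address before any translation, and requests that squid makes from the NAT host itself do not pass through this chain.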