LinuxQuestions.org


solink 08-30-2009 09:13 PM

Iptables log problem
 
I made a NAT box with iptables (v1.3.5), kernel (2.6.18-8).

PC(172.16.0.2/24) ----NAT-eth0(172.16.0.1/24) ----NAT-eth1(222.121.0.1)------internet

NAT IP pool at eth1: 222.121.0.2-15

I get the log with the following command:

iptables -t nat -A POSTROUTING -o eth1 -m state --state NEW -j LOG --log-level debug

and get this log entry:

Aug 31 13:35:32 localhost kernel: IN= OUT=eth1 SRC=172.16.0.2 DST=119.147.50.111 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=18015 PROTO=TCP SPT=57971 DPT=22 LEN=40

But it is not the format I need, because the log only shows two IP addresses, SRC (172.16.0.2) and DST (119.147.50.111). I want to get more IP info, as I get from ip_conntrack:

cat /proc/net/ip_conntrack

tcp 6 431379 ESTABLISHED src=172.16.0.2 dst=119.147.50.111 sport=4000 dport=22 packets=80 bytes=6447 src=119.147.50.111 dst=222.121.0.2 sport=22 dport=4000 packets=64 bytes=12367 [ASSURED] mark=0 secmark=0 use=1

ip_conntrack logs three addresses: src (172.16.0.2), dst (119.147.50.111) and 222.121.0.2 (the translating IP).

My problem is how to make the syslog entry have three IP addresses, not just src and dst without the NAT translation info.

Can anybody help me? Thanks!

kdelover 09-01-2009 06:04 AM

--log-tcp-options

--log-ip-options

Try these and see if it gets you more info.

solink 09-02-2009 08:52 PM

Thanks for your advice. I have tried to use the target --log-ip-options and --log-tcp-options, but didn't get any more useful information.
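
Added example (not part of the thread, and not code from any poster): the LOG line above carries only the packet's own SRC and DST, while the reply tuple of the matching ip_conntrack entry holds the translated address, so one way to get all three addresses on one line is to join the two on protocol, addresses and ports. The sample lines are constructed in the formats shown in the thread (with ports made to match), and the function names and the NAT= field are assumptions of this example.

```python
import re

# Constructed sample data in the formats shown in the thread.
LOG_LINE = ("Aug 31 13:35:32 localhost kernel: IN= OUT=eth1 SRC=172.16.0.2 "
            "DST=119.147.50.111 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=18015 "
            "PROTO=TCP SPT=4000 DPT=22 LEN=40")
CONNTRACK = [
    "tcp 6 431379 ESTABLISHED src=172.16.0.2 dst=119.147.50.111 sport=4000 "
    "dport=22 packets=80 bytes=6447 src=119.147.50.111 dst=222.121.0.2 "
    "sport=22 dport=4000 packets=64 bytes=12367 [ASSURED] mark=0 secmark=0 use=1",
    "udp 17 25 src=172.16.0.3 dst=192.0.2.53 sport=5353 dport=53 packets=1 "
    "bytes=60 [UNREPLIED] src=192.0.2.53 dst=222.121.0.3 sport=53 dport=5353 "
    "packets=0 bytes=0 mark=0 use=1",
]

def parse_log(line):
    """Return (proto, src, dst, sport, dport) from an iptables LOG line, or None."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))  # empty "IN=" is skipped
    try:
        return (fields["PROTO"].lower(), fields["SRC"], fields["DST"],
                int(fields["SPT"]), int(fields["DPT"]))
    except KeyError:
        return None  # e.g. ICMP lines have no SPT/DPT

def parse_conntrack(line):
    """Return (original-direction key, translated source) for one entry, or None."""
    proto = line.split()[0]
    pairs = re.findall(r"\b(src|dst|sport|dport)=(\S+)", line)
    if len(pairs) < 8:
        return None  # entries without ports (ICMP) are not handled here
    orig, reply = dict(pairs[:4]), dict(pairs[4:8])
    key = (proto, orig["src"], orig["dst"], int(orig["sport"]), int(orig["dport"]))
    # With source NAT, replies are addressed to the translated source address.
    return key, reply["dst"]

def annotate(log_line, conntrack_lines):
    """Append NAT=<translated source> when a conntrack entry matches the log line."""
    table = dict(e for e in map(parse_conntrack, conntrack_lines) if e)
    nat = table.get(parse_log(log_line))
    return f"{log_line} NAT={nat}" if nat else log_line

if __name__ == "__main__":
    print(annotate(LOG_LINE, CONNTRACK))
```

On a live box the second argument would be the lines of /proc/net/ip_conntrack, read soon after the log line is written, since entries expire and a late lookup finds nothing.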

