Old 08-30-2009, 09:13 PM   #1
LQ Newbie
Registered: Aug 2009
Posts: 4

Rep: Reputation: 0
Question Iptables log problem

I made a NAT box with iptables (v1.3.5), kernel (2.6.18-8).

PC( ----NAT-eth0( ----NAT-eth1(

nat IP pool at eth1

I get the log with the following command:

iptables -t nat -A POSTROUTING -o eth1 -m state --state NEW -j LOG --log-level debug

and get a log

Aug 31 13:35:32 localhost kernel: IN= OUT=eth1 SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=18015 PROTO=TCP SPT=57971 DPT=22 LEN=40

But it is not the format I need, because the log only shows two IP addresses, SRC( and DST(. I want to get more IP info, like I get from ip_conntrack:

cat /proc/net/ip_conntrack

tcp 6 431379 ESTABLISHED src= dst= sport=4000 dport=22 packets=80 bytes=6447 src= dst= sport=22 dport=4000 packets=64 bytes=12367 [ASSURED] mark=0 secmark=0 use=1

ip_conntrack logs three addresses: src(, dst( and (translating IP).

My problem is how to make a syslog item have three IP addresses, not just src and dst without NAT translation info.

Can anybody help me? Thanks!

Last edited by solink; 08-30-2009 at 09:18 PM.
Old 09-01-2009, 06:04 AM   #2
Registered: Aug 2009
Posts: 311

Rep: Reputation: 36


Try these and see if it gets you more info.
Old 09-02-2009, 08:52 PM   #3
LQ Newbie
Registered: Aug 2009
Posts: 4

Original Poster
Rep: Reputation: 0

Thanks for your advice. I have tried to use the target options --log-ip-options and --log-tcp-options, but didn't get any more useful information.

Last edited by solink; 09-02-2009 at 08:53 PM.
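
An added example, not part of the thread: the LOG target prints only the SRC and DST of the packet as seen at the rule, while a conntrack entry holds both the original and the reply tuple, so the translated address can be recovered by matching a log line against /proc/net/ip_conntrack. This Python code does that join; the function names and all sample addresses are constructed for illustration.

```python
import re

KV = re.compile(r"(\w+)=(\S*)")

# Constructed sample data (documentation/private addresses, not from the thread).
SAMPLE_LOG = ("Aug 31 13:35:32 localhost kernel: IN= OUT=eth1 SRC=192.168.1.10 "
              "DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=18015 "
              "PROTO=TCP SPT=4000 DPT=22")
SAMPLE_CONNTRACK = [
    "tcp 6 119 SYN_SENT src=192.168.1.11 dst=203.0.113.9 sport=5000 dport=80 "
    "packets=1 bytes=60 [UNREPLIED] src=203.0.113.9 dst=198.51.100.7 sport=80 "
    "dport=5000 packets=0 bytes=0 mark=0 secmark=0 use=1",
    "tcp 6 431379 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=4000 dport=22 "
    "packets=80 bytes=6447 src=203.0.113.5 dst=198.51.100.7 sport=22 dport=4000 "
    "packets=64 bytes=12367 [ASSURED] mark=0 secmark=0 use=1",
]

def parse_log(line):
    """Return the KEY=value fields of a kernel LOG-target line as a dict."""
    return dict(KV.findall(line))

def parse_conntrack(line):
    """Split an ip_conntrack line into (proto, original tuple, reply tuple)."""
    proto = line.split()[0]
    orig, reply = {}, {}
    for key, val in KV.findall(line):
        if key in ("src", "dst", "sport", "dport"):
            # First occurrence is the original direction, second is the reply.
            (reply if key in orig else orig)[key] = val
    return proto, orig, reply

def nat_address(log_line, conntrack_lines):
    """Return (src, dst, translated_src) for a logged packet, or None if untracked."""
    log = parse_log(log_line)
    want = (log["PROTO"].lower(), log["SRC"], log["DST"],
            log.get("SPT"), log.get("DPT"))
    for entry in conntrack_lines:
        proto, orig, reply = parse_conntrack(entry)
        have = (proto, orig.get("src"), orig.get("dst"),
                orig.get("sport"), orig.get("dport"))
        if have == want:
            # With source NAT, replies are addressed to the translated source.
            return log["SRC"], log["DST"], reply.get("dst")
    return None

if __name__ == "__main__":
    print(nat_address(SAMPLE_LOG, SAMPLE_CONNTRACK))
```

On a live NAT box the second argument would be the lines read from /proc/net/ip_conntrack shortly after the packet was logged, since the entry only exists while the connection is tracked.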

