iptables port forwarding logging

wag2639 · 07-07-2008, 01:00 PM

After looking up numerous forums, including here, I got my port forwarding to work. It's something like this:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22022 -j DNAT --to 123.123.123.23:22
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22023 -j DNAT --to 123.123.123.54:22
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -p tcp --dport 22 -j ACCEPT

Now my question is, how do I log these port forwards to a specific place, something like /var/logs/portfowards.log?

Thanks

dkm999 · 07-07-2008, 11:12 PM

You can put a rule with a LOG target into the NAT table with the same conditions as the DNAT rule. eg

Code:

 /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22022 -j LOG --log-prefix PortForward:

Put this just before the corresponding DNAT rule, and you will get stuff in the /var/log/messages file by default. To put them into another file, you have limited choices with the standard syslog facilities. A better scheme uses syslog-ng, which gives you more flexibility in sorting and routing log messages.

wag2639 · 07-08-2008, 10:15 AM

Thanks. I can't seem to figure out how to use the syslog. I'm using a Fedora 9. I have an rsyslog but I don't know how to use that.

tbergfeld · 07-08-2008, 10:41 AM

Hi
I know it's a bit late...
but try looking at this link...perhaps you will find something can help you:
http://www.rsyslog.com/doc