From owner-freebsd-hackers@FreeBSD.ORG  Wed May 15 22:48:15 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 913504CA
 for <freebsd-hackers@freebsd.org>; Wed, 15 May 2013 22:48:15 +0000 (UTC)
 (envelope-from deischen@freebsd.org)
Received: from mail.netplex.net (mail.netplex.net [204.213.176.9])
 by mx1.freebsd.org (Postfix) with ESMTP id 3F998F6E
 for <freebsd-hackers@freebsd.org>; Wed, 15 May 2013 22:48:14 +0000 (UTC)
Received: from sea.ntplx.net (sea.ntplx.net [204.213.176.11])
 by mail.netplex.net (8.14.6/8.14.6/NETPLEX) with ESMTP id r4FMm8Mm064930
 for <freebsd-hackers@freebsd.org>; Wed, 15 May 2013 18:48:08 -0400
X-Virus-Scanned: by AMaViS and Clam AntiVirus (mail.netplex.net)
X-Greylist: Message whitelisted by DRAC access database, not delayed by
 milter-greylist-4.4.1 (mail.netplex.net [204.213.176.9]);
 Wed, 15 May 2013 18:48:08 -0400 (EDT)
Date: Wed, 15 May 2013 18:48:08 -0400 (EDT)
From: Daniel Eischen <deischen@freebsd.org>
X-X-Sender: eischen@sea.ntplx.net
To: freebsd-hackers@freebsd.org
Subject: Logging natd translations
Message-ID: <Pine.GSO.4.64.1305151718500.12542@sea.ntplx.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: Daniel Eischen <deischen@freebsd.org>
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2013 22:48:15 -0000

We need to log all translations from internal IP addresses to
external addresses.  It's good enough to have IPv4 to Ipv4
translations for TCP streams, just one log for the start of
each stream.

We're using FreeBSD-9.1-stable and IPFW with userland natd.
The -log option of natd just seems to log statistics, not
any translation information.  I can't see any easy way to
do this with ipfw's rule log option either.

Any ideas?

-- 
DE