From owner-freebsd-hackers@FreeBSD.ORG  Thu May 16 01:52:32 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id ED066FB9
 for <freebsd-hackers@freebsd.org>; Thu, 16 May 2013 01:52:32 +0000 (UTC)
 (envelope-from eischen@vigrid.com)
Received: from mail.netplex.net (mail.netplex.net [204.213.176.9])
 by mx1.freebsd.org (Postfix) with ESMTP id B7A20824
 for <freebsd-hackers@freebsd.org>; Thu, 16 May 2013 01:52:32 +0000 (UTC)
Received: from sea.ntplx.net (sea.ntplx.net [204.213.176.11])
 by mail.netplex.net (8.14.6/8.14.6/NETPLEX) with ESMTP id r4G1qVMf020932
 for <freebsd-hackers@freebsd.org>; Wed, 15 May 2013 21:52:31 -0400
X-Virus-Scanned: by AMaViS and Clam AntiVirus (mail.netplex.net)
X-Greylist: Message whitelisted by DRAC access database, not delayed by
 milter-greylist-4.4.1 (mail.netplex.net [204.213.176.9]);
 Wed, 15 May 2013 21:52:31 -0400 (EDT)
Date: Wed, 15 May 2013 21:52:31 -0400 (EDT)
From: Daniel Eischen <eischen@vigrid.com>
X-X-Sender: eischen@sea.ntplx.net
To: freebsd-hackers@freebsd.org
Subject: Re: Logging natd translations
In-Reply-To: <Pine.GSO.4.64.1305151718500.12542@sea.ntplx.net>
Message-ID: <Pine.GSO.4.64.1305152145320.13653@sea.ntplx.net>
References: <Pine.GSO.4.64.1305151718500.12542@sea.ntplx.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 May 2013 01:52:33 -0000

On Wed, 15 May 2013, Daniel Eischen wrote:

> We need to log all translations from internal IP addresses to
> external addresses.  It's good enough to have IPv4 to Ipv4
> translations for TCP streams, just one log for the start of
> each stream.
>
> We're using FreeBSD-9.1-stable and IPFW with userland natd.
> The -log option of natd just seems to log statistics, not
> any translation information.  I can't see any easy way to
> do this with ipfw's rule log option either.
>
> Any ideas?

To answer my own question, it looks like I can add an ipfw
rule such as:

   divert natd log tcp from INSIDE_NET to any OUTSIDE_NET setup

and that basically gives me what I want.

-- 
DE