From: Julian Elischer <julian@freebsd.org>
To: Daniel Eischen
Cc: freebsd-hackers@freebsd.org
Subject: Re: Logging natd translations
Date: Thu, 16 May 2013 22:04:03 -0400
Message-ID: <51959013.5040005@freebsd.org>
List-Id: Technical Discussions relating to FreeBSD

On 5/15/13 9:52 PM, Daniel Eischen wrote:
> On Wed, 15 May 2013, Daniel Eischen wrote:
>
>> We need to log all translations from internal IP addresses to
>> external addresses. It's good enough to have IPv4 to IPv4
>> translations for TCP streams, just one log for the start of
>> each stream.
>>
>> We're using FreeBSD-9.1-stable and IPFW with userland natd.
>> The -log option of natd just seems to log statistics, not
>> any translation information. I can't see any easy way to
>> do this with ipfw's rule log option either.
>>
>> Any ideas?
>
> To answer my own question, it looks like I can add an ipfw
> rule such as:
>
> divert natd log tcp from INSIDE_NET to any OUTSIDE_NET setup
>
> and that basically gives me what I want.

Why not turn on the logging on natd? I think it has an option for logging new sessions.
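As an added example (not from either poster), the rule Daniel describes, written out for a placeholder internal network, together with an awk extractor for the syslog lines a logged ipfw divert rule produces. Everything here is assumed for illustration: the rule number 100, natd on its default divert port 8668, the interface em0, the host name "gw", and the sample log lines, which are constructed to follow the layout ipfw uses when it logs a matched divert rule. The destination is written as `any` in this version.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed values: rule number 100,
# natd divert port 8668 (natd's default), interface em0, host "gw".

INSIDE_NET="10.0.0.0/24"   # placeholder internal network
OUTSIDE_NET="any"          # destination spec; "any" matches every external host

# The rule from the thread. "setup" matches only the SYN of each TCP stream,
# so every stream is logged exactly once. Printed rather than executed so the
# script runs without root privileges or an ipfw kernel.
natd_log_rule() {
    printf 'ipfw add 100 divert natd log tcp from %s to %s setup\n' \
        "$INSIDE_NET" "$OUTSIDE_NET"
}

# Constructed sample syslog lines in the form ipfw writes for logged rules.
# The third line is from a different (deny) rule and must be ignored.
SAMPLE_LOG='May 16 21:50:01 gw kernel: ipfw: 100 Divert 8668 TCP 10.0.0.5:51234 203.0.113.7:443 out via em0
May 16 21:50:02 gw kernel: ipfw: 100 Divert 8668 TCP 10.0.0.9:40000 198.51.100.2:80 out via em0
May 16 21:50:03 gw kernel: ipfw: 200 Deny UDP 10.0.0.5:5353 224.0.0.251:5353 out via em0'

# Read ipfw log lines on stdin and print "internal_ip:port -> dest_ip:port"
# for each logged divert (natd) TCP session start; other rules are skipped.
extract_translations() {
    awk '/ipfw: [0-9]+ Divert [0-9]+ TCP/ {
        for (i = 1; i <= NF; i++)
            if ($i == "TCP") { print $(i+1) " -> " $(i+2); break }
    }'
}

# Stand-alone run: show the rule, then the extracted session starts.
natd_log_rule
printf '%s\n' "$SAMPLE_LOG" | extract_translations
```

One caveat worth keeping in mind when reading these lines: ipfw logs the packet as it matched the rule, before it is handed to natd, so the source address and port are the untranslated internal ones. The external port natd picks for the stream is not part of this log line, so this gives "which internal host opened a stream to which destination, and when", not the full internal-to-external port mapping.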