From: Daniel Eischen <deischen@freebsd.org>
Date: Thu, 16 May 2013 22:52:36 -0400 (EDT)
To: Julian Elischer
Cc: freebsd-hackers@freebsd.org
Subject: Re: Logging natd translations
In-Reply-To: <51959013.5040005@freebsd.org>
References: <51959013.5040005@freebsd.org>

On Thu, 16 May 2013, Julian Elischer wrote:

> On 5/15/13 9:52 PM, Daniel Eischen wrote:
>> On Wed, 15 May 2013, Daniel Eischen wrote:
>>
>>> We need to log all translations from internal IP addresses to
>>> external addresses. It's good enough to have IPv4 to IPv4
>>> translations for TCP streams, just one log for the start of
>>> each stream.
>>>
>>> We're using FreeBSD-9.1-stable and IPFW with userland natd.
>>> The -log option of natd just seems to log statistics, not
>>> any translation information. I can't see any easy way to
>>> do this with ipfw's rule log option either.
>>>
>>> Any ideas?
>>
>> To answer my own question, it looks like I can add an ipfw
>> rule such as:
>>
>> divert natd log tcp from INSIDE_NET to any OUTSIDE_NET setup
>>
>> and that basically gives me what I want.
>
> why not turn on the logging on natd?
>
> I think it has an option for logging new sessions..

I tried the -log option to natd, but it just logged statistics,
not new connection information. natd(8) doesn't show any other
useful options. When I did try natd -log, that was under an
older version of FreeBSD (6.x?), but we just upgraded the system
to 9-stable and I didn't try it again.

-- 
DE
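As an added example, not part of the thread: a parser for the kernel log lines that a `divert natd log ... setup` rule like the one quoted above produces, turning them into one record per new outbound TCP stream. It assumes the ipfw log format from ip_fw_log.c (`ipfw: <rule> Divert <port> TCP <src>:<sport> <dst>:<dport> out via <if>`) and a single natd alias address passed in by the caller, because the rule logs the packet before natd rewrites it, so the line carries the internal address but not the external one; the sample log lines are constructed.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Kernel line emitted when a "divert natd log tcp ... setup" rule matches.
# Assumed format (ip_fw_log.c): "ipfw: <rule> Divert <port> TCP <src>:<sport> <dst>:<dport> <in|out> via <if>",
# optionally preceded by the syslog prefix "May 16 22:50:01 gw kernel: ", captured for the timestamp.
LOG_RE = re.compile(
    r"^(?:(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: )?"
    r"ipfw: (?P<rule>\d+) Divert (?P<divert_port>\d+) (?P<proto>[A-Z]+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_divert_line(line: str) -> Dict[str, Optional[str]]:
    """Return the fields of one divert-log line, or {} for any other ipfw line (Accept, Deny, ...)."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else {}

def stream_starts(lines: Iterable[str], alias_addr: str) -> List[Tuple[str, str, str, str]]:
    """One (timestamp, internal src:port, external alias, dst:port) per new outbound TCP stream.

    'setup' makes the rule match SYN packets only, so every line is a stream start; a
    retransmitted SYN repeats the same 4-tuple and is collapsed. The external address is
    the natd alias address (assumed single alias), since the logged packet is pre-translation.
    """
    seen, out = set(), []
    for line in lines:
        f = parse_divert_line(line)
        if not f or f["proto"] != "TCP" or f["dir"] != "out":
            continue  # inbound SYNs and non-divert rules are not outbound translations
        key = (f["src"], f["sport"], f["dst"], f["dport"])
        if key in seen:
            continue
        seen.add(key)
        out.append((f["ts"] or "", f"{f['src']}:{f['sport']}", alias_addr, f"{f['dst']}:{f['dport']}"))
    return out

# Constructed sample (not real traffic): a SYN retransmit for one stream, a second stream,
# and two lines from other rules that must be ignored.
SAMPLE_LOG = """\
May 16 22:50:01 gw kernel: ipfw: 1000 Divert 8668 TCP 192.168.1.10:50112 198.51.100.20:443 out via em0
May 16 22:50:01 gw kernel: ipfw: 1000 Divert 8668 TCP 192.168.1.10:50112 198.51.100.20:443 out via em0
May 16 22:50:03 gw kernel: ipfw: 1000 Divert 8668 TCP 192.168.1.22:40021 198.51.100.7:80 out via em0
May 16 22:50:04 gw kernel: ipfw: 1200 Accept TCP 192.168.1.22:40021 198.51.100.7:80 out via em0
May 16 22:50:05 gw kernel: ipfw: 2000 Deny UDP 192.168.1.5:5353 224.0.0.251:5353 in via em1
"""

if __name__ == "__main__":
    for ts, internal, external, dst in stream_starts(SAMPLE_LOG.splitlines(), "203.0.113.1"):
        print(f"{ts} {internal} -> {external} -> {dst}")
```

Feeding the same function the output of `tail -F /var/log/security` (where syslog normally writes ipfw messages) gives the per-stream translation log the thread is after.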