Date: Thu, 16 May 2013 22:52:36 -0400 (EDT)
From: Daniel Eischen <deischen@freebsd.org>
To: Julian Elischer <julian@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Logging natd translations
Message-ID: <Pine.GSO.4.64.1305162249060.18558@sea.ntplx.net>
In-Reply-To: <51959013.5040005@freebsd.org>
References: <Pine.GSO.4.64.1305151718500.12542@sea.ntplx.net> <Pine.GSO.4.64.1305152145320.13653@sea.ntplx.net> <51959013.5040005@freebsd.org>

On Thu, 16 May 2013, Julian Elischer wrote:

> On 5/15/13 9:52 PM, Daniel Eischen wrote:
>> On Wed, 15 May 2013, Daniel Eischen wrote:
>>
>>> We need to log all translations from internal IP addresses to
>>> external addresses.  It's good enough to have IPv4 to IPv4
>>> translations for TCP streams, just one log for the start of
>>> each stream.
>>>
>>> We're using FreeBSD-9.1-stable and IPFW with userland natd.
>>> The -log option of natd just seems to log statistics, not
>>> any translation information.  I can't see any easy way to
>>> do this with ipfw's rule log option either.
>>>
>>> Any ideas?
>>
>> To answer my own question, it looks like I can add an ipfw
>> rule such as:
>>
>>   divert natd log tcp from INSIDE_NET to any OUTSIDE_NET setup
>>
>> and that basically gives me what I want.
>
> Why not turn on the logging on natd?
>
> I think it has an option for logging new sessions..

I tried the -log option to natd, but it just logged statistics,
not new connection information.  natd(8) doesn't show any other
useful options.  When I did try natd -log, that was under an
older version of FreeBSD (6.x?), but we just upgraded the system
to 9-stable and I didn't try it again.

-- 
DE
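
Added example, not part of the original message: one way to turn the syslog output of a `divert ... log ... setup` rule like the one quoted above into one record per new TCP stream. The log line layout, the rule number 500, the host and interface names and all sample lines are assumptions constructed for illustration.

```python
import re

# Assumed syslog shape for an ipfw rule carrying "log" (not shown in the thread):
#   <ts> <host> kernel: ipfw: <rule> Divert <port> TCP <src>:<sport> <dst>:<dport> <dir> via <if>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+ipfw:\s+"
    r"(?P<rule>\d+)\s+Divert\s+(?P<divert>\d+)\s+TCP\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

# Constructed sample log; rule number 500 and interface names are hypothetical.
SAMPLE_LOG = """\
May 16 22:40:01 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.10:51234 203.0.113.5:80 out via em0
May 16 22:40:04 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.10:51234 203.0.113.5:80 out via em0
May 16 22:40:05 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.11:40022 198.51.100.7:443 out via em0
May 16 22:40:05 gw kernel: ipfw: 65000 Deny UDP 192.168.1.11:5353 224.0.0.251:5353 in via em1
May 16 22:40:07 gw last message repeated 2 times
May 16 22:40:09 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.10:51240 203.0.113.5:80 out via em0
"""


def stream_starts(log_text, rule_number):
    """Return one record per new TCP stream logged by the given divert rule."""
    seen = set()
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["rule"]) != rule_number:
            continue  # other rules, other protocols, syslog "repeated" lines
        key = (m["src"], m["sport"], m["dst"], m["dport"])
        if key in seen:
            continue  # retransmitted SYN for a stream already recorded
        seen.add(key)  # simplification: a real tool would expire old keys
        records.append({
            "time": m["ts"],
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "iface": m["iface"],
        })
    return records


if __name__ == "__main__":
    for r in stream_starts(SAMPLE_LOG, 500):
        print(f'{r["time"]}  {r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]} via {r["iface"]}')
```

The rule matches the packet before natd rewrites it, so these records carry the internal source address and port, not the translated ones.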