Date: Thu, 16 May 2013 22:04:03 -0400
From: Julian Elischer <julian@freebsd.org>
To: Daniel Eischen <eischen@vigrid.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Logging natd translations
Message-ID: <51959013.5040005@freebsd.org>
In-Reply-To: <Pine.GSO.4.64.1305152145320.13653@sea.ntplx.net>
References: <Pine.GSO.4.64.1305151718500.12542@sea.ntplx.net> <Pine.GSO.4.64.1305152145320.13653@sea.ntplx.net>

On 5/15/13 9:52 PM, Daniel Eischen wrote:
> On Wed, 15 May 2013, Daniel Eischen wrote:
>
>> We need to log all translations from internal IP addresses to
>> external addresses. It's good enough to have IPv4 to IPv4
>> translations for TCP streams, just one log for the start of
>> each stream.
>>
>> We're using FreeBSD-9.1-stable and IPFW with userland natd.
>> The -log option of natd just seems to log statistics, not
>> any translation information. I can't see any easy way to
>> do this with ipfw's rule log option either.
>>
>> Any ideas?
>
> To answer my own question, it looks like I can add an ipfw
> rule such as:
>
>   divert natd log tcp from INSIDE_NET to any OUTSIDE_NET setup
>
> and that basically gives me what I want.

Why not turn on the logging on natd?
I think it has an option for logging new sessions..
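
Added example, not part of the original message: a small parser that turns the log lines produced by a "divert ... log tcp ... setup" rule like the one quoted above into one record per outbound TCP stream. The log line layout, the divert port 8668, the host name, interface names and all sample lines are assumptions constructed for illustration. The rule matches before natd rewrites the packet, so each line carries the inside source address and port; the external (alias) address is not in the line.

```python
import re

# Assumed layout of an ipfw log line in syslog (not shown in the thread):
#   <ts> <host> kernel: ipfw: <rule> Divert <port> TCP <src>:<sp> <dst>:<dp> <in|out> via <if>
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+kernel:\s+ipfw:\s+(?P<rule>\d+)\s+"
    r"Divert\s+(?P<port>\d+)\s+TCP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<ifname>\S+)"
)

# Constructed sample input: a SYN, its retransmission, a second stream,
# an unrelated deny entry and a syslog "repeated" line.
SAMPLE = """\
May 16 22:01:10 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.20:49152 198.51.100.7:443 out via em0
May 16 22:01:10 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.20:49152 198.51.100.7:443 out via em0
May 16 22:01:12 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.31:50211 203.0.113.9:22 out via em0
May 16 22:01:13 gw kernel: ipfw: 65000 Deny UDP 192.168.1.31:5353 224.0.0.251:5353 in via em1
May 16 22:01:15 gw last message repeated 2 times
"""


def stream_starts(text, divert_port=8668):
    """Return one record per outbound TCP stream seen in ipfw divert log lines."""
    seen = set()
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or int(m["port"]) != divert_port or m["dir"] != "out":
            continue  # not a logged outbound divert of a TCP setup packet
        key = (m["src"], m["sport"], m["dst"], m["dport"])
        if key in seen:
            # Same 4-tuple again: treated here as a retransmitted SYN.
            # A later stream reusing the tuple would also be dropped.
            continue
        seen.add(key)
        records.append({
            "time": m["ts"],
            "rule": int(m["rule"]),
            "inside": f'{m["src"]}:{m["sport"]}',
            "outside_dst": f'{m["dst"]}:{m["dport"]}',
            "ifname": m["ifname"],
        })
    return records


if __name__ == "__main__":
    for rec in stream_starts(SAMPLE):
        print(rec)
```

ipfw stops logging a rule once it has matched net.inet.ip.fw.verbose_limit times unless the rule sets logamount (0 means unlimited), so check that limit before treating these lines as a complete record.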