Re: Logging NAT translations and correlating nat & rule logs

Reply: Özkan KIRIK : "Re: Logging NAT translations and correlating nat & rule logs"
In reply to: Özkan KIRIK : "Logging NAT translations and correlating nat & rule logs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Franco Fichtner <franco_at_lastsummer.de>
Date: Wed, 01 Dec 2021 13:10:35 UTC

Hi Özkan,

> On 28. Nov 2021, at 8:06 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
> 
> I'm trying to log NAT, BINAT, RDR translations. But the "nat log on
> ...." statement only logs the packets after translation is done. So
> the information before translation is lost.
> Is there a way to log the translation details ?

https://github.com/freebsd/freebsd-src/commit/8e496ea1df1 was introduced
to address this but has not been moved to stable/12 or stable/13.

I see there is some controversy around patches that made it to stable
for less so I'd probably advocate to add this patch as well since it
solves a longterm issue with NAT logging visibility.

Cheers,
Franco