Logging natd translations

Julian Elischer julian at freebsd.org
Fri May 17 02:04:20 UTC 2013


On 5/15/13 9:52 PM, Daniel Eischen wrote:
> On Wed, 15 May 2013, Daniel Eischen wrote:
>
>> We need to log all translations from internal IP addresses to
>> external addresses.  It's good enough to have IPv4 to IPv4
>> translations for TCP streams, just one log for the start of
>> each stream.
>>
>> We're using FreeBSD-9.1-stable and IPFW with userland natd.
>> The -log option of natd just seems to log statistics, not
>> any translation information.  I can't see any easy way to
>> do this with ipfw's rule log option either.
>>
>> Any ideas?
>
> To answer my own question, it looks like I can add an ipfw
> rule such as:
>
>   divert natd log tcp from INSIDE_NET to any OUTSIDE_NET setup
>
> and that basically gives me what I want.

Why not turn on the logging on natd?

I think it has an option for logging new sessions.
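
An added example, not part of the original thread: a Python parser that turns the lines logged by a `divert ... log tcp ... setup` rule into one record per TCP stream start. The log lines are constructed and their layout (`ipfw: <rule> Divert <port> TCP <src> <dst> out via <if>`), the rule number 500 and the 60-second retransmit window are assumptions; the rule logs the packet before natd rewrites it, so each record carries the internal source and the remote destination.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (assumed layout, not captured from a real host).
SAMPLE_LOG = """\
May 17 02:04:20 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.10:51234 203.0.113.5:80 out via em0
May 17 02:04:21 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.11:40022 198.51.100.7:443 out via em0
May 17 02:04:21 gw kernel: ipfw: 500 Divert 8668 TCP 192.168.1.10:51234 203.0.113.5:80 out via em0
May 17 02:04:22 gw kernel: ipfw: 65000 Deny UDP 192.168.1.12:5353 224.0.0.251:5353 out via em0
May 17 02:04:23 gw kernel: last message repeated 2 times
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+kernel:\s+ipfw:\s+(?P<rule>\d+)\s+"
    r"Divert\s+\d+\s+TCP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+out\s+via\s+(?P<iface>\S+)"
)

def stream_starts(text, rule=None, window=timedelta(seconds=60)):
    """Return one record per TCP stream start logged by the divert rule.

    A repeated SYN for the same 4-tuple inside `window` is treated as a
    retransmission; the same 4-tuple seen later counts as a new stream.
    """
    last_seen, records = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or (rule is not None and int(m["rule"]) != rule):
            continue  # other rules, other protocols, syslog noise
        # syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable
        when = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        prev = last_seen.get(key)
        last_seen[key] = when
        if prev is not None and abs(when - prev) <= window:
            continue
        records.append({"time": m["ts"], "iface": m["iface"],
                        "src": key[0], "sport": key[1],
                        "dst": key[2], "dport": key[3]})
    return records

if __name__ == "__main__":
    for rec in stream_starts(SAMPLE_LOG, rule=500):
        print("{time} {src}:{sport} -> {dst}:{dport} via {iface}".format(**rec))
```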
