At 03:18 PM 3/15/2001 -0300, Mads Rasmussen wrote:
>Say, how do you log this rule:
>
>iptables -A OUTPUT -t nat -p tcp -d 1.2.3.4 --dport 8080 \
> -j DNAT --to 192.168.1.1:80
>
>The only logging I could find was to use the -j option LOG but you cannot
>use two -j options at the same time.
>
>I hope I have misunderstood something and that I don't have to format my
>linux 2.4 partition and install OpenBSD

From what I have been able to gather, the style for logging packets has
changed, I believe, due to the new options for the LOG target. Because this
is a "fall through" style rule set, the proper way to log packets using 2.4
iptables would be to place a logging rule before an action rule, something
like this:

iptables -A OUTPUT -t nat -p tcp -d 1.2.3.4 --dport 8080 \
    -j LOG

and then the rule above.

I think you may have another problem here as well. The new iptables and
netfilter code has changed which chains handle the NAT functions. You may
want to take a look at the POSTROUTING and PREROUTING chains, as this is
where NAT should be done as far as I have been able to gather.

Of course, I could be very wrong about all of this :) It's just my
understanding...

--
Matthew Micene
Systems Development Manager
Express Search Inc.
www.ExpressSearch.com
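
The LOG-before-action pattern described in the reply, as an added example that is not part of the original message or of the iptables project. It also goes one step further and shows a user-defined chain that logs and then applies DNAT from a single match. The function names, the LOG_DNAT chain name, the log prefix and the APPLY variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Prints the iptables commands (dry run) unless APPLY=1 is set,
# in which case it executes them and needs root.
# Hypothetical names: run, logged_dnat_pair, logged_dnat_chain, LOG_DNAT, APPLY.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Variant 1: the fall-through pair from the reply. LOG is a non-terminating
# target, so the packet continues to the next rule, which repeats the match
# and applies DNAT. The nat table is only consulted for the first packet of a
# connection, so this logs one line per new connection, not per packet.
logged_dnat_pair() {
    dest=$1; dport=$2; to=$3
    run iptables -t nat -A OUTPUT -p tcp -d "$dest" --dport "$dport" \
        -j LOG --log-prefix "dnat-out:"
    run iptables -t nat -A OUTPUT -p tcp -d "$dest" --dport "$dport" \
        -j DNAT --to-destination "$to"
}

# Variant 2 (goes beyond the reply): match once, jump to a user-defined chain
# that logs and then rewrites, so the two rules cannot drift apart.
logged_dnat_chain() {
    dest=$1; dport=$2; to=$3; chain=LOG_DNAT
    run iptables -t nat -N "$chain"
    run iptables -t nat -A "$chain" -j LOG --log-prefix "dnat-out:"
    # -p tcp is repeated because DNAT to an address:port needs a protocol match
    run iptables -t nat -A "$chain" -p tcp -j DNAT --to-destination "$to"
    run iptables -t nat -A OUTPUT -p tcp -d "$dest" --dport "$dport" -j "$chain"
}

# Values taken from the question in the thread.
logged_dnat_chain 1.2.3.4 8080 192.168.1.1:80
```
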