Sure!
---
[EMAIL PROTECTED] /root]# ipchains -M -L
IP masquerading entries
prot expire   source     destination              ports
TCP  01:24.87 office01   slashdot.org             1039 (61007) -> www
UDP  04:24.68 office01   ns4.atgi.net             1040 (61008) -> domain
UDP  04:25.56 office01   ns4.atgi.net             1043 (61010) -> domain
UDP  04:33.06 office01   ns4.atgi.net             1046 (61012) -> domain
TCP  01:25.84 office01   images-aud.slashdot.org  1045 (61011) -> www
UDP  04:33.25 office01   ns4.atgi.net             1049 (61014) -> domain
UDP  03:45.74 office01   ns3.atgi.net             1027 (61002) -> domain
UDP  03:45.71 office01   ns1.atgi.net             1027 (61001) -> domain
UDP  03:48.23 office01   ns4.atgi.net             1029 (61003) -> domain
UDP  03:45.71 office01   ns2.atgi.net             1026 (61000) -> domain
UDP  04:04.65 office01   ns4.atgi.net             1034 (61004) -> domain
UDP  04:23.89 office01   ns4.atgi.net             1037 (61006) -> domain
TCP  01:56.37 office01   norton.rlug.org          1051 (61015) -> www
TCP  01:56.37 office01   norton.rlug.org          1048 (61013) -> www
TCP  01:15.57 office01   mail.greatbasin.net      1036 (61005) -> pop3
TCP  01:27.14 office01   ads.osdn.com             1042 (61009) -> www
[EMAIL PROTECTED] /root]#
The above is for one client (office01) after retrieving mail, checking slashdot & rlug. We get our connectivity through ATG so I can see the connections to their nameservers as well as to the various sites.
---
[EMAIL PROTECTED] /root]# ipchains -M -L -n
IP masquerading entries
prot expire   source           destination    ports
TCP  01:54.20 192.168.100.102  66.35.250.150  1057 (61020) -> 80
UDP  04:46.38 192.168.100.102  64.42.113.69   1052 (61016) -> 53
UDP  04:51.59 192.168.100.102  64.42.113.69   1058 (61021) -> 53
TCP  14:51.33 192.168.100.102  65.19.178.104  1055 (61018) -> 80
TCP  14:51.53 192.168.100.102  65.19.178.104  1056 (61019) -> 80
TCP  01:54.60 192.168.100.102  66.35.250.67   1069 (61031) -> 80
TCP  01:54.64 192.168.100.102  66.35.250.55   1071 (61033) -> 80
TCP  01:54.62 192.168.100.102  66.35.250.55   1070 (61032) -> 80
TCP  01:54.71 192.168.100.102  66.35.250.55   1073 (61035) -> 80
TCP  01:54.70 192.168.100.102  66.35.250.55   1072 (61034) -> 80
TCP  01:54.79 192.168.100.102  66.35.250.55   1075 (61037) -> 80
TCP  01:54.78 192.168.100.102  66.35.250.55   1074 (61036) -> 80
TCP  01:52.25 192.168.100.102  66.35.250.55   1063 (61025) -> 80
TCP  01:51.94 192.168.100.102  66.35.250.55   1062 (61024) -> 80
TCP  01:52.36 192.168.100.102  66.35.250.55   1065 (61027) -> 80
TCP  01:52.24 192.168.100.102  66.35.250.55   1064 (61026) -> 80
TCP  01:54.39 192.168.100.102  66.35.250.55   1067 (61029) -> 80
TCP  01:52.36 192.168.100.102  66.35.250.55   1066 (61028) -> 80
TCP  01:54.39 192.168.100.102  66.35.250.55   1068 (61030) -> 80
TCP  01:48.76 192.168.100.102  207.228.35.39  1054 (61017) -> 110
TCP  01:51.94 192.168.100.102  66.35.250.55   1061 (61023) -> 80
TCP  01:52.35 192.168.100.102  66.35.250.62   1060 (61022) -> 80
[EMAIL PROTECTED] /root]#
Same, but with -n: no lookup via DNS or /etc/services.
---
Does this help? I just cannot figure out the equivalent in iptables other than "cat /proc/net/ip_conntrack" & parsing it in my head as much as possible.
James Washer wrote:
Can you explain a little further what you want to see? Perhaps include a copy of the output from the ipchains that you want to duplicate with iptables?
- jim
-- Ed Jaeger
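
One way to get the "ipchains -M -L -n" view asked about above out of /proc/net/ip_conntrack, as an added example that is not part of the original message. It assumes the 2.4-era ip_conntrack line layout; the names masq_list and sample_conntrack and the external address 203.0.113.5 are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): print source-NATed flows
# from the conntrack table in a layout close to `ipchains -M -L -n`.
# Usage on a live firewall: masq_list /proc/net/ip_conntrack

masq_list() {
    awk '
    BEGIN { printf "%-4s %9s %-15s %-15s %s\n",
                   "prot", "expire(s)", "source", "destination", "ports" }
    {
        split("", o); split("", r)          # clear the per-line tuples
        for (i = 4; i <= NF; i++) {         # $1=proto name, $2=number, $3=timeout
            if (split($i, kv, "=") != 2) continue   # skip TCP state and [FLAGS]
            # first sighting of a key is the original direction, second the reply
            if (kv[1] in o) r[kv[1]] = kv[2]; else o[kv[1]] = kv[2]
        }
        if (!("sport" in o) || !("dst" in r)) next  # ICMP and friends: no ports
        if (r["dst"] == o["src"]) next              # source not rewritten: no NAT
        # reply dport is the port the firewall chose on its external side
        printf "%-4s %9s %-15s %-15s %s (%s) -> %s\n", toupper($1), $3,
               o["src"], o["dst"], o["sport"], r["dport"], o["dport"]
    }' "$@"
}

# Constructed sample lines (assumed format); 203.0.113.5 stands in for the
# external address. Line 3 is a flow from the firewall itself, line 4 is ICMP.
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.100.102 dst=66.35.250.150 sport=1057 dport=80 src=66.35.250.150 dst=203.0.113.5 sport=80 dport=61020 [ASSURED] use=1
udp      17 27 src=192.168.100.102 dst=64.42.113.69 sport=1052 dport=53 src=64.42.113.69 dst=203.0.113.5 sport=53 dport=1052 use=1
tcp      6 117 TIME_WAIT src=203.0.113.5 dst=64.42.113.69 sport=32770 dport=25 src=64.42.113.69 dst=203.0.113.5 sport=25 dport=32770 [ASSURED] use=1
icmp     1 29 src=192.168.100.102 dst=64.42.113.69 type=8 code=0 id=512 src=64.42.113.69 dst=203.0.113.5 type=0 code=0 id=512 use=1
EOF
}

sample_conntrack | masq_list
```

Unlike ipchains, which remapped masqueraded source ports into the 61000+ range shown above, iptables normally keeps the client's source port when it is free, so the port in parentheses will often equal the one before it.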
