I asked this in Linux-Security earlier and got no useful answer.
Linux k 2.4.3, debian woody, iptables v1.2.1
A port mapped statically from ppp0 to a computer on the inside (eth0)
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 1234 -j DNAT --to-destination 10.1.1.200:4321
This works great. Now, how can I log these connections?
I would have thought that something like
iptables -A FORWARD -i ppp0 -p tcp --dport 1234 -j LOG
should have done it, but I guess PREROUTING grabs the packet before it even enters the rest of the chain. I tried with INPUT/OUTPUT and changed the fw-script positions to see if putting it in a different location in the chain would help, but nothing I tried seemed to work... It does log if I remove the PREROUTING rule and specify log on INPUT.
Any clue? (-j LOG is not valid in the -t nat table)
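The interaction described in the post, as an added example (not the poster's firewall script): nat PREROUTING rewrites the destination before routing, so a FORWARD rule still matching the original port 1234 never sees the packet; the LOG rule has to match the translated address and port (10.1.1.200:4321). The interface names, addresses and ports are the ones from the post; the IPT variable and the dry-run mode are assumptions added for illustration.

```shell
#!/bin/sh
# Added example, not the original poster's script. Assumes ppp0 is the
# external interface and the DNAT mapping 1234 -> 10.1.1.200:4321 from the post.
# IPT defaults to the real iptables binary; set IPT="echo iptables" (or run
# with the "dry-run" argument) to print the rules instead of installing them.
IPT="${IPT:-iptables}"
EXT_IF=ppp0
EXT_PORT=1234
INT_HOST=10.1.1.200
INT_PORT=4321

# Emit the rule set. The kernel traverses nat PREROUTING before the routing
# decision, so by the time a packet reaches FORWARD its destination is already
# $INT_HOST:$INT_PORT. A FORWARD rule matching --dport $EXT_PORT therefore
# never fires; the LOG rule must match the post-DNAT tuple instead.
apply_rules() {
    # 1. Static port map (the rule from the post).
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$EXT_PORT" \
        -j DNAT --to-destination "$INT_HOST:$INT_PORT"

    # 2. Log inbound connection attempts as they are forwarded. Matching the
    #    translated destination is what makes this rule actually see traffic;
    #    --syn restricts logging to connection setup rather than every packet.
    $IPT -A FORWARD -i "$EXT_IF" -p tcp --syn -d "$INT_HOST" --dport "$INT_PORT" \
        -j LOG --log-prefix "DNAT-$EXT_PORT: "

    # 3. Then allow the forwarded traffic through.
    $IPT -A FORWARD -i "$EXT_IF" -p tcp -d "$INT_HOST" --dport "$INT_PORT" \
        -j ACCEPT
}

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) IPT="echo iptables"; apply_rules ;;
esac
```

Run it as `sh fw.sh dry-run` to see the three rules printed, or `sh fw.sh apply` to install them; the logged lines then show up via klogd/syslog with the "DNAT-1234:" prefix.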