I have a box set up as a router using iptables (masquerade), logging all network traffic.
The problem:
Connections from LAN IPs to WAN show fine, i.e. SRC=192.168.32.10 -> DST=60.242.67.190
but for traffic coming from WAN to LAN it will show the WAN IP as the source, but the router's IP as the destination, then the router -> LAN IP.
I.e. SRC=60.242.67.190 -> DST=192.168.32.199
SRC=192.168.32.199(router) -> DST=192.168.32.10
How do I configure it so that it logs the conversations correctly?
SRC=192.168.32.10 -> DST=60.242.67.190
SRC=60.242.67.190 -> DST=192.168.32.10
Any help appreciated, cheers
Best Answer
The info you need is only in the connection tracking table. Have a look at conntrack(8) for how to get it. Logging it in real time might be tricky though, maybe something using -j ULOG and ulogd.
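As an added illustration of the answer's point (this is not the answerer's code, and it is not part of the original post), the script below correlates kernel LOG lines with the connection tracking table so that WAN-to-LAN replies are reported against the LAN host instead of the router's masquerade address. It assumes the text format of `conntrack -L` (two src/dst/sport/dport tuples per line: the original direction followed by the reply direction) and the `SRC=`/`DST=`/`PROTO=`/`SPT=`/`DPT=` fields written by the iptables LOG target. The sample conntrack entries and log lines are constructed here from the addresses in the question, with made-up ports and counters.

```python
import re

# Constructed sample of `conntrack -L` output for two masqueraded flows.
# Addresses are those from the question; ports and counters are invented.
CONNTRACK_SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.32.10 dst=60.242.67.190 sport=40312 dport=443 src=60.242.67.190 dst=192.168.32.199 sport=443 dport=40312 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.32.10 dst=60.242.67.190 sport=51000 dport=53 src=60.242.67.190 dst=192.168.32.199 sport=53 dport=51000 mark=0 use=1
"""

# Constructed iptables LOG lines: the first as the LAN host sent it, the
# next two as replies arriving on the WAN side (DST is the router's
# masquerade address), the last an unrelated packet with no tracked flow.
LOG_SAMPLE = [
    "kernel: IN=eth0 OUT=eth1 SRC=192.168.32.10 DST=60.242.67.190 LEN=60 PROTO=TCP SPT=40312 DPT=443 SYN",
    "kernel: IN=eth1 OUT= SRC=60.242.67.190 DST=192.168.32.199 LEN=52 PROTO=TCP SPT=443 DPT=40312 ACK",
    "kernel: IN=eth1 OUT= SRC=60.242.67.190 DST=192.168.32.199 LEN=80 PROTO=UDP SPT=53 DPT=51000",
    "kernel: IN=eth1 OUT= SRC=8.8.8.8 DST=192.168.32.199 LEN=40 PROTO=TCP SPT=80 DPT=22",
]

# One conntrack tuple: src=... dst=... sport=... dport=...
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
# Fields of interest in a LOG line.
FIELD_RE = re.compile(r"(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse_conntrack(text):
    """Index the conntrack table by both the original-direction and the
    reply-direction 5-tuple. Each entry records which direction matched and
    the original tuple (LAN ip, WAN ip, LAN port, WAN port), which is the
    conversation as the LAN host sees it."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        proto = parts[0].upper()          # "tcp" -> "TCP", matching PROTO= in logs
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:
            continue                      # portless protocols (e.g. ICMP) are skipped here
        orig, reply = tuples
        o = (orig[0], orig[1], int(orig[2]), int(orig[3]))
        r = (reply[0], reply[1], int(reply[2]), int(reply[3]))
        table[(proto,) + o] = ("original", o)
        table[(proto,) + r] = ("reply", o)
    return table


def normalize(log_line, table):
    """Return (src, dst) as 'ip:port' strings with the LAN endpoint restored,
    or None when the packet does not belong to a tracked connection."""
    f = dict(FIELD_RE.findall(log_line))
    try:
        key = (f["PROTO"], f["SRC"], f["DST"], int(f["SPT"]), int(f["DPT"]))
    except (KeyError, ValueError):
        return None                       # no ports or malformed line
    hit = table.get(key)
    if hit is None:
        return None                       # not a tracked flow: nothing to de-NAT
    direction, (lan_ip, wan_ip, lan_port, wan_port) = hit
    if direction == "original":
        return (f"{lan_ip}:{lan_port}", f"{wan_ip}:{wan_port}")
    # Reply: DST on the wire is the masquerade address; report the LAN host.
    return (f"{wan_ip}:{wan_port}", f"{lan_ip}:{lan_port}")


if __name__ == "__main__":
    ct = parse_conntrack(CONNTRACK_SAMPLE)
    for line in LOG_SAMPLE:
        pair = normalize(line, ct)
        if pair:
            print(f"SRC={pair[0]} -> DST={pair[1]}")
        else:
            print("untracked:", line)
```

Run against live data by feeding the output of `conntrack -L` to `parse_conntrack` and the kernel log to `normalize`; the table must be read while the connection is still tracked, since entries disappear once they time out. If the goal is only to have the log lines come out already showing the LAN address, note that rules in the FORWARD chain see packets after the PREROUTING (DNAT/de-masquerade) step and before the POSTROUTING (SNAT) step, so a LOG rule placed there records the private address in both directions without any correlation step.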