Re: Logging NAT translations and correlating nat & rule logs

From: Özkan KIRIK <ozkan.kirik_at_gmail.com>
Date: Tue, 28 Dec 2021 04:50:41 UTC
Hi,

I've cherry-picked the 8e496ea1df1 commit to stable/12 on my local branch.
The patch works properly.
But the ruleset section in the pflog header is empty. The anchor name
of the rdr rule was not filled into the pflog header.

I'm also looking for a packet identifier for aggregating the nat and
rule logs of the same traversing packet.
Does it make sense to use the ip.id field of the IP header within a 1 second
time window for aggregating logs?

Thanks and regards

On Wed, Dec 1, 2021 at 4:23 PM Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
>
> Thank you Franco, I'll test it
>
> On Wed, Dec 1, 2021 at 4:10 PM Franco Fichtner <franco@lastsummer.de> wrote:
> >
> > Hi Özkan,
> >
> > > On 28. Nov 2021, at 8:06 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
> > >
> > > I'm trying to log NAT, BINAT, RDR translations. But the "nat log on
> > > ...." statement only logs the packets after the translation is done. So
> > > the information before translation is lost.
> > > Is there a way to log the translation details?
> >
> > https://github.com/freebsd/freebsd-src/commit/8e496ea1df1 was introduced
> > to address this but has not been moved to stable/12 or stable/13.
> >
> > I see there is some controversy around patches that made it to stable
> > for less, so I'd probably advocate adding this patch as well since it
> > solves a long-term issue with NAT logging visibility.
> >
> >
> > Cheers,
> > Franco
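As an added example (not code from this thread, from pf or from FreeBSD), the following Python sketch shows what correlating a NAT-translation log record with the filter-rule record for the same packet on ip.id within a one-second window looks like, and why ip.id on its own is a weak join key. The record layout, the field names (`kind`, `xlat`, `family`, `ip_id`) and the sample records are all constructed for the example; they are not the pflog or tcpdump output format.

```python
"""Correlate NAT (rdr/nat) log records with the filter-rule record for the
same packet, keyed on the IPv4 Identification field inside a short time
window.  Added example; the record layout is a constructed simplification
of pflog data, not the real pflog/tcpdump format."""
from collections import defaultdict

WINDOW_SECONDS = 1.0  # the correlation window proposed in the thread

# Constructed sample records.  A "nat" record shows the packet before
# translation and a "filter" record shows it after translation, so the
# addresses differ and only ip.id plus protocol survive as a join key.
RECORDS = [
    {"ts": 100.000, "kind": "nat", "xlat": "rdr", "family": 4, "ip_id": 4711,
     "proto": "tcp", "src": "203.0.113.7:40000", "dst": "198.51.100.1:443"},
    {"ts": 100.001, "kind": "filter", "family": 4, "ip_id": 4711,
     "proto": "tcp", "src": "203.0.113.7:40000", "dst": "10.0.0.5:8443"},
    # a second packet with the same ip.id from another host, inside the
    # window: ambiguous on ip.id alone
    {"ts": 100.400, "kind": "nat", "xlat": "rdr", "family": 4, "ip_id": 4711,
     "proto": "tcp", "src": "192.0.2.9:51000", "dst": "198.51.100.1:443"},
    {"ts": 100.401, "kind": "filter", "family": 4, "ip_id": 4711,
     "proto": "tcp", "src": "192.0.2.9:51000", "dst": "10.0.0.5:8443"},
    # same ip.id far outside the window: must never pair
    {"ts": 105.000, "kind": "filter", "family": 4, "ip_id": 4711,
     "proto": "tcp", "src": "203.0.113.7:40001", "dst": "10.0.0.5:8443"},
    # IPv6 has no Identification field in the base header: not correlatable
    {"ts": 101.000, "kind": "nat", "xlat": "nat", "family": 6, "ip_id": None,
     "proto": "tcp", "src": "[2001:db8::1]:5000", "dst": "[2001:db8::100]:443"},
    # nat record whose filter record was never logged
    {"ts": 103.000, "kind": "nat", "xlat": "nat", "family": 4, "ip_id": 9000,
     "proto": "udp", "src": "10.0.0.9:5353", "dst": "198.51.100.53:53"},
]

# The address field a translation type leaves untouched, usable as an extra
# key: rdr rewrites the destination, nat rewrites the source.  (Assumption
# about this constructed record layout, not a statement about pf internals.)
INVARIANT_FIELD = {"rdr": "src", "nat": "dst"}


def index_filter_records(records):
    """Bucket IPv4 filter records by (ip.id, protocol)."""
    by_key = defaultdict(list)
    for i, r in enumerate(records):
        if r["kind"] == "filter" and r["family"] == 4:
            by_key[(r["ip_id"], r["proto"])].append(i)
    return by_key


def correlate(records, window=WINDOW_SECONDS, use_invariant=True):
    """For every nat record return its candidate filter records (indices,
    nearest in time first) and a status: unique, ambiguous, unmatched or
    no-id (no IPv4 Identification field to key on)."""
    by_key = index_filter_records(records)
    out = []
    for i, r in enumerate(records):
        if r["kind"] != "nat":
            continue
        if r["family"] != 4 or r["ip_id"] is None:
            out.append({"nat": i, "status": "no-id", "candidates": []})
            continue
        cands = [j for j in by_key[(r["ip_id"], r["proto"])]
                 if abs(records[j]["ts"] - r["ts"]) <= window]
        if use_invariant:
            field = INVARIANT_FIELD.get(r.get("xlat"))
            if field:
                cands = [j for j in cands if records[j][field] == r[field]]
        cands.sort(key=lambda j: abs(records[j]["ts"] - r["ts"]))
        if len(cands) == 1:
            status = "unique"
        elif cands:
            status = "ambiguous"
        else:
            status = "unmatched"
        out.append({"nat": i, "status": status, "candidates": cands})
    return out


def summarize(results):
    """Count correlation outcomes by status."""
    counts = defaultdict(int)
    for res in results:
        counts[res["status"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for mode in (False, True):
        res = correlate(RECORDS, use_invariant=mode)
        print(f"invariant-field refinement {'on' if mode else 'off'}: "
              f"{summarize(res)}")
        for item in res:
            print(f"  nat record {item['nat']}: {item['status']} "
                  f"-> {item['candidates']}")
```

Keyed on ip.id and protocol alone, both rdr records in the sample are ambiguous; adding the address field the translation does not rewrite makes each pairing unique. The caveats the sample is built around apply to real logs as well: ip.id is only 16 bits, for atomic (DF) datagrams RFC 6864 lets a sender reuse any value, including zero, so collisions inside one second are realistic on a busy gateway, and IPv6 traffic has no ip.id at all, which is why a per-packet identifier carried in the pflog header itself would be a more robust join key than the time window.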