On 07/01/2003 09:32:48 Bas Zoetekouw wrote:

>> Hi Peter!
>>
>> You wrote:
>>
>> > i'm about to set up port forwarding on a firewall to be able to reach
>> > some hosts on the lan from the outside. i wish to use iptables prerouting
>> > rules. my question is, is there a way to detect the port forwarding,
>> > and/or get info about the host i forward to (ip address mainly) ?
>> > supposing that the service i reach is free of bugs. as of my understanding
>> > of prerouting, this is not likely.
>>
>> Do you mean something like a log of forwarded connections? That can
>> simply be accomplished with the LOG target of iptables.
>>
>> PS: debian-security is not meant for discussing securing your firewall,
>> but rather for reporting security vulnerabilities in Debian packages.
>> The debian-user mailing list is more appropriate for this kind of
>> question.

I would recommend debian-firewall as there is intense discussion there of iptables.

Also look at this:
http://lists.debian.org/debian-firewall/2003/debian-firewall-200301/msg00030.html

Specifically, as Jason McCarty says:

"If you did have them, they would go in INPUT. However, you already log and drop them. However, a real concern is that someone could easily fill up your logs with junk packets. You can prevent this by putting a limit match (-m limit --limit 2/min for example) in your LOG lines. The problem with that is that you might miss some important packets since the few that are getting logged are unimportant. I don't really know a solution to this conundrum. I just log at 3/min."
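The setup discussed in this thread, as an added example that is not part of the original posts: a PREROUTING DNAT port forward plus a FORWARD-chain LOG rule with the limit match. The interface, LAN host, port and burst values are assumed placeholders; logging only state NEW packets is my addition so that the rate limit caps connection attempts rather than every packet of an established stream.

```bash
#!/bin/sh
# Constructed example: forward TCP/80 from the external interface to a LAN
# host and log each new forwarded connection at a bounded rate.
# Assumed values (not from the thread); override via the environment.
EXT_IF="${EXT_IF:-eth0}"
LAN_HOST="${LAN_HOST:-192.168.1.10}"
FWD_PORT="${FWD_PORT:-80}"
LOG_RATE="${LOG_RATE:-3/min}"   # the rate the thread settles on
LOG_BURST="${LOG_BURST:-5}"

# IPT defaults to printing the commands so the rules can be reviewed first;
# run with IPT=iptables as root to actually install them.
IPT="${IPT:-echo iptables}"

# DNAT in PREROUTING rewrites the destination address. Nothing is logged
# here; the packet is seen again in FORWARD, where the real destination
# (the LAN host) is already known.
forward_rule() {
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$FWD_PORT" \
        -j DNAT --to-destination "$LAN_HOST:$FWD_PORT"
}

# Log only the first packet of each connection (state NEW), rate-limited.
# The limit match means junk floods cannot fill the log, at the cost of
# possibly skipping some attempts, which is the trade-off the thread notes.
log_rule() {
    $IPT -A FORWARD -i "$EXT_IF" -d "$LAN_HOST" -p tcp --dport "$FWD_PORT" \
        -m state --state NEW \
        -m limit --limit "$LOG_RATE" --limit-burst "$LOG_BURST" \
        -j LOG --log-prefix "FWD-NEW: " --log-level info
}

# Accept the forwarded traffic and its replies after it has been logged.
accept_rule() {
    $IPT -A FORWARD -i "$EXT_IF" -d "$LAN_HOST" -p tcp --dport "$FWD_PORT" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Rule order matters: LOG must precede ACCEPT, since ACCEPT ends traversal.
install_rules() {
    forward_rule
    log_rule
    accept_rule
}

install_rules
```

Each logged line carries the "FWD-NEW: " prefix together with the source address and the DNAT'd destination, which answers the original question of recording who reached which LAN host.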

