How to log all incoming packets
Problem description
I tried a PREROUTING rule to redirect incoming packets to an internal virtual IP address.
How can I log an incoming packet before it gets redirected?
iptables -t nat -A PREROUTING -d 46.X.XX.XX -s 78.XX.XX.XX -p tcp --dport 80 --sport 1024: -j DNAT --to-destination 192.168.122.10:8080
The following rules didn't work.
iptables -t nat -A PREROUTING -d 0/0 -s 0/0 -p tcp -j LOG --log-level 4
iptables -t nat -I PREROUTING -d 0/0 -s 0/0 -p tcp -j LOG --log-level 4
You need the logging rule to be at the very beginning of your rules.
# iptables -I INPUT 1 -m limit --limit 5/m -j LOG --log-prefix="iptables: dropped packets" --log-level 4
- -I INPUT 1: This means append the rule to the INPUT chain in first place, before anything else.
- -m limit: This tells iptables that we wish to use the limit matching module. Using this, we can limit the logging with the --limit option.
- --limit 5/m: Here is the limit option we just talked about. This means we want to limit the maximum average matching rate for logging to 5 per minute. You can also specify 5/second, 40/minute, 1/hour, 3/day, according to your environment and needs.
- -j LOG: This tells iptables to jump to LOG, i.e. write to the log file.
- --log-prefix "iptables: dropped packets": You can specify any log prefix, which will be appended to the log messages written to the /var/log/messages file.
- --log-level 4: syslog level 4 stands for warning. You can use a number from 0 through 7, 0 being the highest (emergency) and 7 the lowest (debug).
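As an added example (not part of the original question or answer), the following Python parses the kernel lines that the LOG target above writes to /var/log/messages, matches them on the "iptables: dropped packets" prefix, and tells apart packets captured before the DNAT rewrite (public DST / DPT 80) from those captured after it (192.168.122.10 / DPT 8080). The log lines are constructed; the public addresses 203.0.113.10 and 198.51.100.7 are placeholders standing in for the masked 46.X.XX.XX and 78.XX.XX.XX.

```python
import re
from collections import Counter

# Constructed kernel LOG lines. Note that xt_LOG writes the prefix immediately
# followed by "IN=", so a prefix without a trailing space (as in the answer's
# rule) yields "...packetsIN=eth0"; the regex below tolerates either form.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: iptables: dropped packetsIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 gw kernel: iptables: dropped packetsIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Mar  3 10:15:02 gw kernel: iptables: dropped packetsIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.168.122.10 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=4244 DF PROTO=TCP SPT=51234 DPT=8080 WINDOW=229 RES=0x00 ACK URGP=0
Mar  3 10:15:03 gw kernel: other-prefix IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=5000 DPT=53 LEN=40
"""

LOG_RE = re.compile(r"kernel: (?P<prefix>.*?) ?IN=")
KV_RE = re.compile(r"(\w+)=(\S*)")  # flags such as DF/SYN/ACK carry no '='


def parse_log_line(line):
    """Return the KEY=VALUE fields of one LOG line plus its prefix, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(line[m.end() - 3:]))  # from "IN=" onward
    fields["prefix"] = m.group("prefix").strip()
    return fields


def before_dnat(entry, public_ip, public_port):
    """True when the logged tuple still shows the public destination, i.e. the
    packet was seen before the nat PREROUTING DNAT rewrote DST/DPT."""
    return entry.get("DST") == public_ip and entry.get("DPT") == str(public_port)


def summarize(log_text, prefix="iptables: dropped packets",
              public_ip="203.0.113.10", public_port=80):
    """Count lines with our prefix per (SRC, DST, DPT, stage)."""
    stats = Counter()
    for line in log_text.splitlines():
        e = parse_log_line(line)
        if e is None or e["prefix"] != prefix:
            continue  # skip lines from other LOG rules
        stage = "pre-dnat" if before_dnat(e, public_ip, public_port) else "post-dnat"
        stats[(e["SRC"], e["DST"], e["DPT"], stage)] += 1
    return stats


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, key)
```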