1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

iptables & connection logging

Discussion in 'Tomato Firmware' started by blackrhino, Oct 18, 2008.

  1. blackrhino

    blackrhino Addicted to LI Member

    Hi. I'm trying to write a firewall script that will log when one of my LAN clients sends mail via smtp port 25 to my isp's smtp server. I don't want to enable logging for all outbound connections though. It's a small LAN and there are access restriction rules for each client.

    I'm not fluent with the use of iptables yet, but I've been reading plenty. I came across this command...

    iptables -A INPUT -p tcp --dport 25 -j LOG --log-prefix "SMTPTRAFFIC:"

    I know there's no source and destination flags set in the above command at the moment, but I'm not quite sure what the rest of the command should contain. I know 'INPUT' isn't what I should have there and 'LOG' doesn't exist when I run iptables -L

    Can anyone point me in the right direction? Is it even possible to create logging rules if outbound connection logging is set to disabled?

    If I can provide any more info to help you understand what I'm looking for here, just let me know.

    Thanks much.
     
  2. mstombs

    mstombs Network Guru Member

    Interesting challenge, you want to use the FORWARD chain that's what gets passed on by the router, use state to only log the first packet, Insert puts the rule at the top, maybe not need state if you add this below the ACCEPT established/related rule.

    Code:
    iptables -I FORWARD -p tcp --dport 25 -m state --state new -j LOG --log-prefix "SMTP:"
    Had to use an old mail account to test, gmail or corporate uses secure methods/ports!
     
  3. blackrhino

    blackrhino Addicted to LI Member

    And the winner is....Thanks mstombs. Exactly what I was looking for, works like a charm.
     

Share This Page