Hi Guys, I have been using shorewall for over 2 years now but never joined the mailing list. So far, it has worked flawlessly and I like it. I use it to do NAT i.e. map multiple local IPs to one public IP. Recently, my boss asked me if we could see the nat translations/sessions. I did some digging and found out we could by using this command */sbin/shorewall show connections* My question is - is the above command written to a log file. Can I make the above command to write to a log file so I can review it later? -- Alex Dehaini ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Alex Dehaini wrote:> Hi Guys, > > I have been using shorewall for over 2 years now but never joined the > mailing list. So far, it has worked flawlessly and I like it. I use it > to do NAT i.e. map multiple local IPs to one public IP. > > Recently, my boss asked me if we could see the nat > translations/sessions. I did some digging and found out we could by > using this command > > */sbin/shorewall show connections* > > My question is - is the above command written to a log file. Can I make > the above command to write to a log file so I can review it later?/sbin/shorewall show connections >> log -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Alex Dehaini wrote:>Recently, my boss asked me if we could see the nat >translations/sessions. I did some digging and found out we could by >using this command > >/sbin/shorewall show connections > >My question is - is the above command written to a log file. Can I >make the above command to write to a log file so I can review it >later?It''s Linux (ie a ''Unix-like'' system), therefore you can do "command > file" eg : shorewall show connections > connections_log Worst case is if the command writes to std_err, in which case you''d have to add "2>&1" on the end, eg : command > log_file 2>&1 You can of course also use all the normal plumbing tools, eg : command | grep "pattern" > some_file This is all basic shell work. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
But the log file will be huge man On Wed, Sep 10, 2008 at 4:24 PM, Tom Eastep <teastep@shorewall.net> wrote:> Alex Dehaini wrote: > >> Hi Guys, >> >> I have been using shorewall for over 2 years now but never joined the >> mailing list. So far, it has worked flawlessly and I like it. I use it to do >> NAT i.e. map multiple local IPs to one public IP. >> >> Recently, my boss asked me if we could see the nat translations/sessions. >> I did some digging and found out we could by using this command >> >> */sbin/shorewall show connections* >> >> My question is - is the above command written to a log file. Can I make >> the above command to write to a log file so I can review it later? >> > > /sbin/shorewall show connections >> log > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer''s > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >-- Alex Dehaini Developer Site - www.alexdehaini.com Email - alexdehaini@gmail.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Alex Dehaini wrote:> But the log file will be huge manAnd your point is? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
The bigger the file size, the slower it will be when searching for a particular string. The idea is to keep log file(s) of the entire nat sessions for record purpose. I wasn''t trying to prove any point; I reckon there might be an alternative approach. Thanks for your help mate, well appreciated. On Wed, Sep 10, 2008 at 4:46 PM, Tom Eastep <teastep@shorewall.net> wrote:> Alex Dehaini wrote: > >> But the log file will be huge man >> > > And your point is? > > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer''s > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >-- Alex Dehaini Developer Site - www.alexdehaini.com Email - alexdehaini@gmail.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Alex Dehaini wrote:> The bigger the file size, the slower it will be when searching for a > particular string. The idea is to keep log file(s) of the entire nat > sessions for record purpose. > > I wasn''t trying to prove any point; I reckon there might be an > alternative approach.There is -- you can use the conntrack utility. It has a command that monitors changes to the conntrack table and only logs those. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
thanks mate On Wed, Sep 10, 2008 at 4:56 PM, Tom Eastep <teastep@shorewall.net> wrote:> Alex Dehaini wrote: > >> The bigger the file size, the slower it will be when searching for a >> particular string. The idea is to keep log file(s) of the entire nat >> sessions for record purpose. >> >> I wasn''t trying to prove any point; I reckon there might be an alternative >> approach. >> > > There is -- you can use the conntrack utility. It has a command that > monitors changes to the conntrack table and only logs those. > > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer''s > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >-- Alex Dehaini Developer Site - www.alexdehaini.com Email - alexdehaini@gmail.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/