iptables: log connection after SNAT/MASQUERADE command
I have the following problem with iptables in Debian 6:
My server works as a router and it needs to log server external IP+port for all outgoing connections.
But after command SNAT or MASQUERADE traffic is "lost".
I mean no following rules can catch those traffic.
Everything looks like SNAT/MASQUERADE is the "end" rule and it pushes traffic to network immediately.
How can I log routed connection data with server external IP and port?