- 09-15-2010 #1 Just Joined! (Join Date: Sep 2010, Posts: 3)
How to log remote or external ip address of remote clients
We're using both SUSE and RHEL servers. Our servers are running behind a firewall device, and remote root login is disabled in SSH.
We're using NAT.
Remote client connections, including failed logins, are logged to /var/log/messages, but what is logged is the gateway IP of our LAN - the LAN IP of the firewall device.
How can I log the external or public IP of the remote client?
- 09-15-2010 #2 Just Joined! (Join Date: Aug 2010, Posts: 89)
It seems your NAT is not done correctly, else you'd see the external IP in the log.
For external incoming connections, you should have something like:
iptables -t nat -A PREROUTING -d YourFirewallExternalEthIP --dport 22 -j DNAT --to-dest YourLanServerIp
If you get a changed source address, you probably have some SNAT wrong.
- 09-19-2010 #3 Just Joined! (Join Date: Sep 2010, Posts: 3)
Hi,
Thanks for the command. I got this error executing that command:
In RHEL
iptables v1.3.5: Unknown arg `--dport'
In SUSE
iptables v1.4.0: Unknown arg `--dport'
Thanks,
- 09-20-2010 #4 Just Joined! (Join Date: Aug 2010, Posts: 89)
Sorry, I typed too fast... To use dport (destination port) you need to select the tcp or udp protocol, so add: -p tcp after PREROUTING
- 09-29-2010 #5 Just Joined! (Join Date: Sep 2010, Posts: 3)
Thanks for the help. My problem is resolved. iptables is not applicable to our server because we're not using it. I just disabled the MASQ in our firewall device.
Thanks,


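The thread ends with masquerading on the firewall being the reason the servers logged the gateway address. As an added example (not part of the thread), the script below assumes a Linux firewall managed with iptables and scans a constructed `iptables-save` dump for POSTROUTING rules that also rewrite the source of inbound forwarded connections; the interface names, addresses and function names are hypothetical.

```shell
#!/bin/sh
# Constructed iptables-save excerpt for a hypothetical Linux firewall:
# eth0 = WAN, eth1 = LAN, 203.0.113.10 = public IP, 192.168.1.20 = SSH server.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.1
COMMIT
EOF
}

# Read an iptables-save dump on stdin and print every POSTROUTING rule that
# rewrites the source address (MASQUERADE or SNAT) without being limited to
# traffic leaving through the WAN interface named in $1. Such rules also hit
# inbound DNATed connections, so the LAN server logs the firewall's address
# instead of the client's. Heuristic: a rule limited only by -s (for example
# to the LAN subnet) is flagged too and needs a manual look.
source_hiding_rules() {
    wan_if=$1
    awk -v wan="$wan_if" '
        $1 == "-A" && $2 == "POSTROUTING" {
            rewrite = 0; out_if = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && ($(i+1) == "MASQUERADE" || $(i+1) == "SNAT"))
                    rewrite = 1
                # A negated match ("! -o eth0") does not limit the rule to the WAN side.
                if ($i == "-o" && $(i-1) != "!")
                    out_if = $(i+1)
            }
            if (rewrite && out_if != wan) print
        }'
}

# Flags the unrestricted MASQUERADE rule and the LAN-side SNAT rule.
sample_ruleset | source_hiding_rules eth0
```

On a real firewall the input would come from `iptables-save -t nat` instead of the constructed sample.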