How to set up logs to record nat static？

answer · May 9, 2024, 7:42am

Viacheslav · May 9, 2024, 11:30am

Not implemented for the static

answer · May 21, 2024, 2:45am

How to make up for this functional deficiency?

Viacheslav · May 21, 2024, 5:26am

Static NAT is the same as SNAT and DNAT together just in one
You can use them

Apachez · May 21, 2024, 8:09am

Since its static you already know which IP is getting translated from/to which gives if you want to log the traffic you can do so on the regular firewall rules that allows this NATed traffic (depending on direction the rule will either be before nating or after nating).

As I recall it the firewall rules will for SNAT act on the new srcip aka after NATing occured (because thats what input/output/forward chains will see) while for DNAT the firewall rules will act on the old dstip (aka before NATing occured).

The flow for this is like: ingress → SNAT (if needed) → firewall rules → DNAT (if needed) → egress

16again · May 21, 2024, 8:09pm

afaik , order is:
ingress → DNAT (if needed) → firewall/routing → SNAT (if needed) → egress

answer · May 22, 2024, 1:05am

Thank you for your reply. I will give it a try.

answer · May 22, 2024, 1:06am

Thank you for your reply.