NAT logging outside IP

Hello

We are piloting a VyOS server as a NAT service provider.
The standard logs when running “set nat source rule XX log” only show the origin IP and ports used. Is there some way to make them include which outside IP was used?

Current output:
Feb 17 14:21:35 HOST kernel: [1040619.693024] [SRC-NAT-10]IN=INTERFACE OUT=INTERFACE MAC=XX:XX SRC=IP-address DST=IP-address LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=53280 DF PROTO=TCP SPT=PORT DPT=PORT WINDOW=64240 RES=0x00 SYN URGP=0

Requested output:
Feb 17 14:21:35 HOST kernel: [1040619.693024] [SRC-NAT-10]IN=INTERFACE OUT=INTERFACE MAC=XX:XX SRC=Inside-IP-address WAN=Outside-IP-address DST=Destination-IP-address LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=53280 DF PROTO=TCP SPT=PORT DPT=PORT WINDOW=64240 RES=0x00 SYN URGP=0

I assume you have already looked into the CGNAT options, which will create a static mapping between a customer and the set of IP/ports to be used by that customer?

https://docs.vyos.io/en/latest/configuration/nat/cgnat.html

Yes, we tried that but came to the conclusion that we want a dynamic session table, but thank you for the input.

1 Like

I’m pretty sure that’s a kernel log you’re looking at there and it can’t easily be modified.

I wonder if exporting netflow data might do what you’re after?

One of the logs for CGNAT (T6442):
set nat cgnat log-allocation

Or try the conntrack logger: T6362: Create conntrack logger daemon by HollyGurza · Pull Request #3804 · vyos/vyos-1x · GitHub

2 Likes
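
The conntrack approach suggested above, as an added example that is not part of the thread and is not the VyOS conntrack logger's code: the reply tuple of a conntrack entry carries the translated (outside) address, so it can be turned into the log line the original post asks for. It assumes the text format printed by `conntrack -E -e NEW` from conntrack-tools; `WAN=` is taken from the requested output, and `WAN_SPT=` is a hypothetical field name for the translated source port.

```python
import re

# Constructed sample in the text format printed by `conntrack -E -e NEW`
# (conntrack-tools). Addresses are documentation ranges, not real traffic.
SAMPLE_EVENTS = """\
 [NEW] tcp 6 120 SYN_SENT src=10.0.0.5 dst=198.51.100.20 sport=51515 dport=443 [UNREPLIED] src=198.51.100.20 dst=203.0.113.7 sport=443 dport=51515
 [NEW] udp 17 30 src=10.0.0.9 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.8 sport=53 dport=1024
 [NEW] tcp 6 120 SYN_SENT src=192.0.2.10 dst=198.51.100.20 sport=33000 dport=80 [UNREPLIED] src=198.51.100.20 dst=192.0.2.10 sport=80 dport=33000
 [NEW] icmp 1 30 src=10.0.0.5 dst=198.51.100.1 type=8 code=0 id=77 [UNREPLIED] src=198.51.100.1 dst=203.0.113.7 type=0 code=0 id=77
"""

HEAD_RE = re.compile(r"\[(NEW|UPDATE|DESTROY)\]\s+(\w+)\s+\d+")
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_event(line):
    """Return the inside/outside mapping of a source-NATed TCP/UDP flow, else None."""
    head = HEAD_RE.search(line)
    tuples = TUPLE_RE.findall(line)
    if not head or len(tuples) != 2:
        return None  # ICMP (no ports) or a line that is not a full event
    # First tuple: original direction. Second tuple: expected reply direction,
    # whose destination is the address and port the flow was translated to.
    (in_ip, dst_ip, in_port, dst_port), (_, wan_ip, _, wan_port) = tuples
    if (wan_ip, wan_port) == (in_ip, in_port):
        return None  # reply returns to the original source: no source NAT applied
    return {"proto": head.group(2).upper(), "src": in_ip, "spt": in_port,
            "wan": wan_ip, "wan_spt": wan_port, "dst": dst_ip, "dpt": dst_port}


def nat_log_lines(text):
    """Format every source-NATed flow in `text` as one syslog-style line."""
    fmt = ("SRC={src} WAN={wan} DST={dst} PROTO={proto} "
           "SPT={spt} WAN_SPT={wan_spt} DPT={dpt}")
    lines = []
    for line in text.splitlines():
        event = parse_event(line)
        if event:
            lines.append(fmt.format(**event))
    return lines


if __name__ == "__main__":
    print("\n".join(nat_log_lines(SAMPLE_EVENTS)))
```
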

This might need a new thread, but does anyone know which takes more CPU power, running NAT or CGNAT? Guessing CGNAT, but genuinely clueless to be honest.
