Wednesday, 27 May 2015

IPTables forwarding and custom logging /w WOL

Basically I'm wanting to do 2 things on the firewall/forwarding.

1. Forward all packets on a port example 25565 , from one address to another.
2. Log all the "connect" packets into a custom log file (preferably on a ram-drive since I don't want the actual logs for long.)

basic iptables options:
https://help.ubuntu.com/community/IptablesHowTo
How to add a new log file:
http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html

OK, now for the rule:   ???
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25565 -m state --state NEW,ESTABLISHED \
   -j DNAT --to 192.168.0.8:25565 
 
And have a log of the "NEW" connection (must come before the ACCEPT rule)
iptables -A INPUT -p tcp --dport 25565 -m state --state NEW -j LOG \
   --log-level 4 --log-prefix "newconnection"
 
I'm gonna spend a lot more time trying to get this to work than what I thought initially. But I gotta try.
Here is the English translation:
1. "LOG" all "NEW" connections on port 25565 to a separate file
2. "FORWARD" all traffic to port 25565 to address 192.168.0.8
3. Write python script to parse the log entries, run every 5 seconds, delete log file. Fire off a custom WOL UDP packet directed at 192.168.0.8
4. Done


No comments:

Post a Comment