From Free Software Directory
Revision as of 04:36, 21 December 2019 by Fbb (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


utility logging connections thru a firewall using source natting

Natlog is a utility logging traffic through a firewall that performs source-NATting (a.k.a. POSTROUTING).

Firewalls like iptables usually offer POSTROUTING source network address translation facilities changing the source address of a host behind the firewall to the address of the host before the firewall.

The standard log facilities provided by iptables do not easily allow us to associate addresses behind the firewall to their source-natted equivalents before the firewall. Natlog was designed to fill in that particular niche.

When running natlog, messages are sent to the syslog daemon and/or to the standard output stream showing the essential characteristics of the connection using source natting. Here is an example:

from Fri 8 22:30:10:55588 until Fri 8 22:40:43:807100: (via: to

Logs like these allow system administrators to associate, e.g., a complaint arriving for the firewall's IP address (in the example: with a computer behind the firewall (e.g., that actually was responsible for the complaint.

Natlog depends on facilities provided by iptables, but may also generate logs directly using facilities offered by the pcap library.

To create the program from its sources, either descend into the natlog directory, or unpack a created archive, cd into its top-level directory and follow the instructions provided in the INSTALL file found there.

Alternatively, binary ready-to-install versions of natlog are available in verious Linux distributions, in particular Debian. See, e.g.,

Gitlab's web-pages for natlog are here:


Leaders and contributors

Resources and communication

Software prerequisites


Property "Submitted by" (as page type) with input value "{{{Submitted by}}}" contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
"{{{Submitted date}}}" contains an extrinsic dash or other characters that are invalid for a date interpretation.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.