Re: iptable mac address not showing in log

To: debian-security@lists.debian.org
Subject: Re: iptable mac address not showing in log
From: Vladislav Kurz <vladislav.kurz@webstep.net>
Date: Tue, 19 Feb 2013 10:24:02 +0100
Message-id: <[🔎] 201302191024.03864.vladislav.kurz@webstep.net>
In-reply-to: <[🔎] 1361253372293-2872899.post@n7.nabble.com>
References: <[🔎] 1361253372293-2872899.post@n7.nabble.com>

On Tuesday 19 of February 2013, sectech wrote:
> Hi, I need the mac address of the originating request of out going packets.
> Im not sure if im missing something or maybe debian squeeze does not have
> this functionality? But here is my iptable command and im logging ALL NEW
> requests out-going (INFO) on eth0
> iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -j LOG --log-level 6
> iptables -A OUTPUT -o eth0 -p udp -m state --state NEW -j LOG --log-level 6
> 
> Feb 18 22:17:32 my-debian kernel: [50421.784255] IN= OUT=eth0 SRC=1.1.1.1
> DST=2.2.2.2 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=13743 PROTO=UDP SPT=1765
> DPT=53 LEN=61

Hi, if you are logging in OUTPUT chain, then the MAC adress is the address of 
your computer. Only packets generated by the computer itself are logged. In 
this case see "ifconfig eth0" to get your MAC address.

Perhaps you wanted to log outgoing packets in the FORWARD chain?

-- 
S pozdravem
        Vladislav Kurz

=== WebStep, s.r.o. (Ltd.) ========= a step to the Web ===
address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711
=== www.webstep.net ======= vladislav.kurz@webstep.net ===

Reply to:

References:
- iptable mac address not showing in log
  - From: sectech <support@securemytechnology.com>

Prev by Date: iptable mac address not showing in log
Next by Date: Re: [SECURITY] [DSA 2628-1] nss-pam-ldapd security update
Previous by thread: iptable mac address not showing in log
Next by thread: Re: iptable mac address not showing in log
Index(es):
- Date
- Thread