System administration
Bermut, 2021-08-02 08:05:03

How to set up logging of all connections to the server?

In general, there is a WireGuard server with NAT, its IP is 10.0.0.1, and there are several machines behind the NAT. If you look at the nginx logs, all connections come from IP 10.0.0.1, and two ideas came to my mind:

1. Port redirect indicating the IP (so that the web host logs not 10.0.0.1, but the original IP)
2. Set up connection logging on the main VPN server, for example, a connection from IP 2.2.2.2 to port 443

Which option is simpler, and is it possible at all?


3 answer(s)
Bermut, 2021-08-02
@Bermut

Asked the question myself and answered it myself: after 4 hours of searching, I found this iptables rule, and it solved my question.

sudo iptables -t nat -A PREROUTING -p tcp --dport <port to forward> -j DNAT --to-destination <ip:port to forward to>

hint000, 2021-08-02
@hint000

For example, do the logging in iptables.

iptables -t nat -A PREROUTING -p tcp --dport 443 -j LOG --log-prefix "iptables:" --log-level 6
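
An added example, not part of hint000's answer: a shell function that turns the kernel log lines written by this LOG rule into a per-source connection count. The sample lines are constructed, and the function names, host name and every address other than 2.2.2.2 and port 443 are assumptions; since the nat table only sees the first packet of a connection, each matching line is one new connection.

```shell
#!/bin/sh
# Added example: summarise the kernel log lines written by the LOG rule above.

# Constructed sample lines (host name, MAC and addresses are made up).
sample_log() {
cat <<'EOF'
Aug  2 08:05:03 vpn kernel: [  101.000001] iptables:IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=2.2.2.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Aug  2 08:05:07 vpn kernel: [  105.000001] iptables:IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=911 DF PROTO=TCP SPT=40022 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Aug  2 08:05:09 vpn kernel: [  107.000001] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.9 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=77 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  2 08:06:11 vpn kernel: [  169.000001] iptables:IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=2.2.2.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4250 DF PROTO=TCP SPT=51620 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Reads kernel log lines on stdin and prints "count source-ip dest-port",
# most frequent first. $1 is the --log-prefix used in the rule.
summarize_connections() {
  awk -v prefix="${1:-iptables:}" '
    # The prefix has no trailing space, so the kernel writes "iptables:IN=...".
    # Lines from other rules or other programs are skipped.
    index($0, prefix "IN=") == 0 { next }
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)      src = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "" && dpt != "") count[src " " dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2
}

sample_log | summarize_connections
```

On a live server, feed the function the kernel log instead of the sample, for example the output of `journalctl -k`.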

Alexander Karabanov, 2021-08-02
@karabanov

From the description, I didn't really understand how your configuration is arranged, but I think ngx_http_realip_module will help.
For example, if you need to configure limits and you need the clients' real IPs.
NGINX: real IP in logs
