nftables : How to log packets going out of a router?

Question

We have a sudden failure of VoIP which is unable to connect. I can see UDP 5060 packets entering the router by the line :

add rule ip filter FORWARD udp dport 5060 log prefix "=======> FORWARD 5060"

But I didn't find the trick to log output, to be sure the packets are sent to the ADSL Box. The two following lines give a packet from time to time (around 1 over 100).

add rule ip filter OUTPUT udp dport 5060 log prefix "~~~~~~~> OUTPUT  5060"
add rule ip nat POSTROUTING udp dport 5060 log prefix "++++++> POSTROUTING 5060"
add rule ip nat OUTPUT udp dport 5060 log prefix " ******> OUTPUT  5060"

I have tested with tcp port 80 (Internet is working fine), and this gives teh same result, so this does not mean that the 5060 packets are lost, but only that the log is not well written.

I know that I could do that with wireshark or tcpdump, as indicated in this post : Analyse packets going out of my computer but it would be easier for me to have a continuous log inside nftables

score 1 · Answer 1 · answered Feb 29 '20 at 10:18

Although I would still be interested by the answer to my question, I add that tcpdump is really a good way to do what I want, and it is very easy to use.

tcpdump -v -i -eth1 port 5060  (to see packets entering the router)
tcpdump -v -i -eth0 port 5060  (to see packets going out of the router)

and just add -v to see the full content of the packet.

Log to file with -w

A beautiful tool, very easy to use.

nftables : How to log packets going out of a router?

1 Answers1