iptables Logging

I have several ports on my linux firewall mapped to internal machines, and I'd like to log traffic to these devices. So far, I haven't had much luck. Here is one of the lines in my ipmasq script that forwards a port:

/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d $extip --dport 6112 -j DNAT --to 192.168.0.10:6112

I've tried iptables -A PREROUTING -t nat -v -d 192.168.0.0/24 -j LOG --log-prefix="nat PREROUTING:" but that dosen't seem to be it, as I can telnet to one of the forwarded ports (from a box outside my network), and nothing shows in the logs.

Try this sequence:

/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d $extip --dport 6112 -j LOG --to 192.168.0.10:6112
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d $extip --dport 6112 -j DNAT --to 192.168.0.10:6112

And also try "ipchains --log-level=0" to ensure the messages show up, regardless of your default log settings.

Cheers