RE: NAT-aware traffic analysis

Linux Advanced Routing and Traffic Control

A different approach is to use iptables counters in the FORWARD chain (-s
$CLIENT_IP -i eth0 -o ! eth0). That would require a rule for each user.


-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx
[mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Ming-Ching Tiew
Sent: Wednesday, September 05, 2007 11:09 AM
To: lartc@xxxxxxxxxxxxxxx
Subject:  NAT-aware traffic analysis


I have tried using iptraf on my NAT firewall to analyse the IP traffic.
Basically I am faced with the difficulty of relating the source IP
to the outgoing interface to the internet, so I am wondering if
anyone has a suggestion for a different way to do it, or a suggestion
for a better tool.

Details:

Suppose: eth0 - LAN
         eth1 - WAN1
         eth2 - WAN2

All source IPs in the LAN are SNATed to the respective
WAN interface when they leave for the internet. There is also DNAT
traffic from the internet to the LAN.

I want to break down the statistics of LAN users using the
internet. If I run iptraf on eth0, I will see the LAN stats, but I
don't know for sure which ones really go out to which WAN
(some traffic does not even go out to the WAN at all!).

Then when I sniff at eth1 or eth2, I lose the information about the LAN
IPs.

How could I do a stateful or NAT-aware traffic analysis? Does anyone have
a good suggestion?



_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
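The per-user FORWARD counting approach suggested in the reply, as an added shell example that is not code from the thread or from either poster. It assumes eth0 = LAN and eth1/eth2 = WAN as in the original message; the ACCT_NAT chain name, the client addresses and the sample iptables-save counter dump are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. FORWARD sees packets after PREROUTING DNAT
# and before POSTROUTING SNAT, so in both directions the LAN address is still
# visible there; per-client, per-WAN counting rules give NAT-aware statistics.
# Assumes eth0 = LAN, eth1/eth2 = WAN; chain name, clients and dump are constructed.
LAN_IF=eth0
WAN_IFS="eth1 eth2"
CLIENTS="192.168.1.10 192.168.1.11"
# Print (do not execute) the rules. A rule with no -j target only counts and lets the
# packet continue; hooking the chain at FORWARD position 1 counts even later-dropped traffic.
gen_rules() {
    echo "iptables -N ACCT_NAT"
    echo "iptables -I FORWARD 1 -j ACCT_NAT"
    for c in $CLIENTS; do
        for w in $WAN_IFS; do
            echo "iptables -A ACCT_NAT -s $c -i $LAN_IF -o $w"   # upload via $w
            echo "iptables -A ACCT_NAT -d $c -i $w -o $LAN_IF"   # download via $w
        done
    done
}
# Reduce 'iptables-save -c' lines to "client wan direction bytes". Only ACCT_NAT
# rules are read; they carry no extra match text, so -s/-d/-i/-o are enough.
summarise() {
    awk -v lan="$LAN_IF" '
    /^\[[0-9]+:[0-9]+\] -A ACCT_NAT / {
        sub(/^\[/, "", $1); sub(/\]$/, "", $1); split($1, cnt, ":")
        client = ""; dir = ""; wan = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-s")      { client = $(i + 1); dir = "up" }
            else if ($i == "-d") { client = $(i + 1); dir = "down" }
            else if (($i == "-i" || $i == "-o") && $(i + 1) != lan) wan = $(i + 1)
        }
        sub(/\/32$/, "", client)           # iptables-save prints hosts as /32
        if (client != "" && wan != "") total[client " " wan " " dir] += cnt[2]
    }
    END { for (k in total) print k, total[k] }' | sort
}
# Constructed counter dump in iptables-save -c format ([packets:bytes] prefix).
SAMPLE='[12:1500] -A ACCT_NAT -s 192.168.1.10/32 -i eth0 -o eth1
[3:400] -A ACCT_NAT -d 192.168.1.10/32 -i eth1 -o eth0
[0:0] -A ACCT_NAT -s 192.168.1.10/32 -i eth0 -o eth2
[7:900] -A ACCT_NAT -d 192.168.1.10/32 -i eth2 -o eth0
[5:200] -A FORWARD -s 10.9.9.9/32 -j DROP'
gen_rules
printf '%s\n' "$SAMPLE" | summarise
```

On a real box, feed `iptables-save -c` into `summarise` instead of the constructed sample; traffic that never reaches a WAN interface simply never increments these counters, which is the distinction the original question asks for.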