On Sun, Dec 28, 2014 at 11:51 PM, Paul Robert Marino <prmarino1@xxxxxxxxx> wrote:
> this is something I've been planning to look at for a while but haven't
> had the time
> https://metacpan.org/pod/distribution/Net-Netfilter-NetFlow/bin/nfflowd
> this converts conntrack data into netflow data then you should be able
> to use any compatible netflow collector to do what you need.

Hmmm, still not optimal, as you have to still correlate three flows to
get the return (inbound) traffic matched to the relevant internally
NATted IP. I'm more thinking of proposing a NetFlow V5+/V5bis/V10 to
cater for the NATting phenomena.

Have been giving me food for thought in solving/tracking my troubles,

>
> On Sat, Dec 27, 2014 at 5:02 PM, Hendrik Visage <hvjunk@xxxxxxxxx> wrote:
>> Hi there,
>>
>>
>> I'm in need to track internal NATted/masqueraded IPs bandwidth
>> utilization, mapped to which outbound interface was used as I have
>> multiple outbound routes/interfaces as well as transparent caching as
>> an encore, and I need to account for the bandwidth used by the
>> firewall/server too as some service runs on it too.
>>
>> What I'm looking for, is something like conntrack -L output, but for
>> each packet in each direction with its input, output interfaces and
>> size, preferably logged via ULOG/NFLOG mechanism and not the kernel
>> logging method.
>>
>> Any advice on how to achieve this?
>>
>> Thank you
>> Hendrik Visage
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
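
Added example (not part of the thread, and not code from any poster or from the netfilter project): a conntrack entry carries both the original and the reply tuple, so a single entry ties the internal pre-NAT address to its return traffic. The code below sums bytes per direction for each internal IP and translated address from `conntrack -L` text. The sample lines are constructed, and it assumes accounting is enabled (net.netfilter.nf_conntrack_acct=1) and that each uplink has its own translated address.

```python
import re
from collections import defaultdict

# Constructed sample of `conntrack -L` output with accounting enabled.
# All addresses are documentation ranges; 203.0.113.5 and 203.0.113.6 stand
# for the firewall's two uplink addresses (an assumption of this example).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=80 packets=10 bytes=1200 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51234 packets=8 bytes=9000 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.11 dst=198.51.100.53 sport=40000 dport=53 packets=1 bytes=76 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000 packets=1 bytes=140 mark=0 use=1
tcp      6 120 SYN_SENT src=192.168.1.10 dst=198.51.100.9 sport=51300 dport=443 packets=2 bytes=120 [UNREPLIED] src=198.51.100.9 dst=203.0.113.6 sport=443 dport=51300 packets=0 bytes=0 mark=0 use=1
tcp      6 300 ESTABLISHED src=203.0.113.5 dst=198.51.100.7 sport=40100 dport=22 packets=5 bytes=500 src=198.51.100.7 dst=203.0.113.5 sport=22 dport=40100 packets=4 bytes=800 [ASSURED] mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|packets|bytes)=(\S+)")
ORDER = ["src", "dst", "packets", "bytes"]


def parse_entry(line):
    """Split one entry into (original, reply) tuples, or None if unusable."""
    fields = FIELD.findall(line)
    # Without nf_conntrack_acct the packets=/bytes= counters are absent.
    if [k for k, _ in fields] != ORDER * 2:
        return None
    return dict(fields[:4]), dict(fields[4:])


def usage_by_internal_ip(text):
    """Sum bytes per (original source, translated address) pair.

    The reply tuple's dst is the address the connection was NATted to, so
    the pair maps an internal host to the uplink address it left through.
    Only connections opened from the inside (or by the firewall itself) are
    keyed by an internal address this way.
    """
    totals = defaultdict(lambda: {"out": 0, "in": 0})
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        orig, reply = parsed
        key = (orig["src"], reply["dst"])
        totals[key]["out"] += int(orig["bytes"])  # original direction
        totals[key]["in"] += int(reply["bytes"])  # return traffic
    return dict(totals)


if __name__ == "__main__":
    for (src, nat_addr), t in sorted(usage_by_internal_ip(SAMPLE).items()):
        print(f"{src:>15} via {nat_addr:<13} out={t['out']} in={t['in']}")
```

A `conntrack -L` snapshot misses connections that have already expired; `conntrack -E -e DESTROY` emits each entry as it is removed and can be fed to the same parser line by line.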