Re: IPTABLES FOR TRAFFIC MONITORING

From: baruah (b_baruah_at_hotmail.com)
Date: 01/10/05


Date: 10 Jan 2005 07:47:55 -0800

Hi,
thx for the cue.
I'm using the following:

#LOG USER SPECIFIC [ONLY HTTP]
#iptables -t nat -N LOG-HTTP
#iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -j LOG-HTTP
#iptables -t nat -A LOG-HTTP -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-HTTP] : "
#iptables -t nat -A LOG-HTTP -j ACCEPT
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

#LOG USER SPECIFIC [OTHER THAN HTTP]

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -N LOG-TCP
iptables -t nat -A POSTROUTING -p tcp --dport 0:65535 -m state --state NEW -j LOG-TCP
iptables -t nat -A LOG-TCP -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-TCP] : "
iptables -t nat -A LOG-TCP -j ACCEPT

Can anyone tell me whether the above code will work in the case of POSTROUTING? I will
try that tomorrow.

regards all
baruah

Robert wrote:
> On Fri, 07 Jan 2005 07:31:20 -0800, baruah wrote:
>
> > Can Iptables be used to monitor traffic coming from each internal user?
>
> Yes. Just log all new packets for each port. Something like this:
>
> iptables -N LOG-HTTP
> iptables -A LOG-HTTP -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-HTTP] : "
> iptables -A LOG-HTTP -j ACCEPT
>
> iptables -A OUTPUT -o <interface> -p tcp --dport 80 -m state --state NEW -j LOG-HTTP
>
> > We would like to keep a log of TELNET, SMTP, POP, SSH, HTTP, HTTPS, etc.
> > for each user !!
>
> This will only log the packets, you would have to write a script to group
> the information together for each user.
>
>
> --
>
> Regards
> Robert
>
> Smile... it increases your face value!
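
The quoted reply points out that the LOG rules only record packets and that a script is needed to group them per user. A sketch of such a script follows, as an added example that is not from either poster; it assumes one internal IP address per user and syslog lines in the usual kernel LOG format, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Prefixes set with --log-prefix in the rules on this page.
PREFIX_RE = re.compile(r"\[(OUT-HTTP|OUT-TCP)\] : ")
# KEY=VALUE fields the LOG target writes; bare flags such as SYN or DF are skipped.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
SERVICES = {22: "SSH", 23: "TELNET", 25: "SMTP", 80: "HTTP", 110: "POP", 443: "HTTPS"}


def parse_line(line):
    """Return (src_ip, service) for one LOG line, or None if it is not ours."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line[m.end():]))
    if fields.get("PROTO") != "TCP" or "SRC" not in fields:
        return None
    try:
        dpt = int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # truncated or malformed line
    return fields["SRC"], SERVICES.get(dpt, "tcp/%d" % dpt)


def group_by_user(lines):
    """Count new connections per internal source address and service."""
    report = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            report[parsed[0]][parsed[1]] += 1
    return report


# Constructed sample lines in the kernel LOG format (not real traffic).
SAMPLE = """\
Jan 10 09:00:01 gw kernel: [OUT-TCP] : IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 09:00:07 gw kernel: [OUT-TCP] : IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=40113 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 09:00:09 gw kernel: [OUT-HTTP] : IN=eth1 OUT= SRC=192.168.1.11 DST=198.51.100.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=120 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 09:00:15 gw kernel: [OUT-TCP] : IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4713 DF PROTO=TCP SPT=40114 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 09:00:20 gw kernel: [OUT-TCP] : IN= OUT=eth0 SRC=192.168.1.11 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=121 DF PROTO=TCP SPT=51001 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 09:00:21 gw sshd[812]: Accepted password for admin from 192.168.1.10 port 40200 ssh2
Jan 10 09:00:30 gw kernel: [OUT-TCP] : IN= OUT=eth0 SRC=192.168.1.12 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=4
""".splitlines()

if __name__ == "__main__":
    for src, counts in sorted(group_by_user(SAMPLE).items()):
        print(src, dict(counts))
```

Feed it the lines from the syslog file that receives kernel messages; lines without one of the two prefixes, and truncated lines lacking a destination port, are ignored.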