Re: IPTABLES FOR TRAFFIC MONITORING

From: baruah (b_baruah_at_hotmail.com)
Date: 01/10/05


Date: 10 Jan 2005 07:47:55 -0800

Hi,
thx for the cue.
I'm using the following:

#LOG USER SPECIFIC [ONLY HTTP]
#iptables -t nat -N LOG-HTTP
#iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -j LOG-HTTP
#iptables -t nat -A LOG-HTTP -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-HTTP] : "
#iptables -t nat -A LOG-HTTP -j ACCEPT
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

#LOG USER SPECIFIC [OTHER THAN HTTP]

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -N LOG-TCP
iptables -t nat -A POSTROUTING -p tcp --dport 0:65535 -m state --state NEW -j LOG-TCP
iptables -t nat -A LOG-TCP -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-TCP] : "
iptables -t nat -A LOG-TCP -j ACCEPT

Can anyone tell me whether the above code will work in the case of POSTROUTING? I will
try that tomorrow.

regards all
baruah

Robert wrote:
> On Fri, 07 Jan 2005 07:31:20 -0800, baruah wrote:
>
> > Can Iptables be used to monitor traffic coming from each internal user?
>
> Yes. Just log all new packets for each port. Something like this:
>
> iptables -N LOG-HTTP
> iptables -A LOG-HTTP -j LOG --log-tcp-options --log-ip-options --log-prefix "[OUT-HTTP] : "
> iptables -A LOG-HTTP -j ACCEPT
> iptables -A OUTPUT -o <interface> -p tcp --dport 80 -m state --state NEW -j LOG-HTTP
>
> > We would like to keep a log of TELNET, SMTP, POP, SSH, HTTP, HTTPS, etc.
> > for each user !!
>
> This will only log the packets, you would have to write a script to group
> the information together for each user.
>
>
> --
>
> Regards
> Robert
>
> Smile... it increases your face value!
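The grouping script mentioned in the quoted reply could look like the following added example, which is not code from either poster. It assumes one internal source IP per user and that the LOG rule sees the internal (pre-masquerade) source address; the function names, the port-to-service table and the sample log lines are constructed here.

```python
import re
from collections import Counter, defaultdict

# Services named in the thread; any other destination port is reported by number.
SERVICES = {22: "SSH", 23: "TELNET", 25: "SMTP", 80: "HTTP", 110: "POP", 443: "HTTPS"}

# The --log-prefix values used in the rules above, followed by KEY=VALUE fields.
PREFIX = re.compile(r"\[OUT-(?:TCP|HTTP)\] : (.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return (src_ip, dst_port) for a logged packet, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(m.group(1)))
    try:
        return fields["SRC"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # truncated entry: SRC or DPT missing or malformed

def summarize(lines):
    """Group logged new connections by source IP, counting them per service."""
    per_host = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            src, dpt = parsed
            per_host[src][SERVICES.get(dpt, f"port {dpt}")] += 1
    return {src: dict(counts) for src, counts in per_host.items()}

# Constructed sample lines in the layout of the LOG target (not real traffic).
_LINE = (
    "Jan 10 16:00:0{n} gw kernel: [OUT-TCP] : IN= OUT=eth0 SRC={src} DST=203.0.113.5 "
    "LEN=60 TTL=63 PROTO=TCP SPT=4031{n} DPT={dpt} WINDOW=5840 SYN URGP=0"
)
SAMPLE = [_LINE.format(n=n, src=s, dpt=d) for n, (s, d) in enumerate([
    ("192.168.1.10", 22), ("192.168.1.10", 22), ("192.168.1.10", 25),
    ("192.168.1.11", 443), ("192.168.1.11", 8080),
])] + [
    "Jan 10 16:05:00 gw sshd[411]: Server listening on 0.0.0.0 port 22.",
    "Jan 10 16:09:00 gw kernel: [OUT-TCP] : IN= OUT=eth0 SRC=192.168.1.12 DST=203.0.113.9 LEN=60",
]

if __name__ == "__main__":
    for src, counts in sorted(summarize(SAMPLE).items()):
        print(src, counts)
```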


