LinuxSA Mailing list archives

  From: Michael Neuling <Michael.Neuling@keyworks.com.au>
  To  : Sam Silvester <ssilvest@bigpond.net.au>
  Date: Wed, 27 Jun 2001 21:30:06 +0800

Re: Firewall Accounting

> I have a linux box connected to the net that does IP Masquerade for
> 4 machines on my network. Is there any way of keeping track of how
> much data is downloaded on a per machine basis? So far I can only
> work out how to track how much they are sending...
> 
> If you need to know any more details let me know!

You can use the byte counters in the packet filter.  Are you
using IPFWADM, IPChains or IPTables?

If you are using IPChains or IPFWADM then you won't see packets in the
forward chain when they come back.  You can't use the input chain
either as the packets are not demasquraded at this point and therefore
you will not be able to tell where they are going.  Therefore you'll
need to put a rule in the output chain matching packets going _to_
each of the internal machines (you may want to filter out packets
coming from the firewall)

IPtables is much simpler (the idiots who did IPChains wouldn't know
their ass from a firewall).  If you are using IPTables then just put a
rule in the forward chain matching packets going to each of the
internal machines.  

Regards,
Michael
--
  "I don't have to be careful.  I got a gun."
    Homer J. Simpson

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject