256 lines
4.9 KiB
HTML
256 lines
4.9 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>( ACCOUNTING ) - I need to do accounting on who is using the network</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux IP Masquerade HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Frequently Asked Questions"
|
|
HREF="faq.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="( SHAPING ) - I want to be able to limit the speed of specific types of
|
|
traffic"
|
|
HREF="shaping.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="( MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to
|
|
PORTFW to several internal machines. How do I do this?"
|
|
HREF="multiple-ips.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux IP Masquerade HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="shaping.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 7. Frequently Asked Questions</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="multiple-ips.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="ACCOUNTING"
|
|
></A
|
|
>7.31. ( ACCOUNTING ) - I need to do accounting on who is using the network</H1
|
|
><P
|
|
>Though this doesn't have much to do with IPMASQ, here are a few ideas. If you
|
|
know of a better solution, please email the author of this HOWTO so it can be
|
|
added to the HOWTO.</P
|
|
><P
|
|
> <P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
>Idea #1: You could run the command:
|
|
<TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>IPCHAINS: "ipchains -L -M"
|
|
|
|
IPTABLES: "cat /proc/net/ip_conntrack"
|
|
|
|
IPFWADM:</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
once a second and log all of those entries. You could then write a program
|
|
to merge this information into one large file. Again, this will only
|
|
provide you with the remote IP address and nothing about the content viewed
|
|
or downloaded.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Idea #2: Log every packet: You can match any specific traffic flows but
|
|
this method will create VERY LARGE log files. Unfortunately, these log files
|
|
aren't very readable and it doesn't tell you what was transfered (FTP files,
|
|
etc.). Fortunately, setting up this form of accounting is easy.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Idea #3: Say you want to log all traffic going out onto the internet. You
|
|
can setup a firewall rule to accept port 80 traffic with with the SYN bit set
|
|
and log it. Now mind you, this will create smaller log files than the idea
|
|
above but you will only know the destination IP address and NOT the WWW pages
|
|
viewed.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Idea #4: Transparent Proxy: This method really doesn't use IPMASQ since it
|
|
requires the installation and setup of the Squid HTTP/FTP proxy server.
|
|
The benefit of this method is that internal users won't notice anything
|
|
different in terms of connectivity but now the SysAdmin gets a LOT more
|
|
information (files downloaded, etc). But, there are pros/cons to setting this
|
|
up:
|
|
</P
|
|
><P
|
|
> Pro:
|
|
</P
|
|
><P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
> + full logging of all transferred files and issues FTP commands
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> + you can enable caching on the proxy server. With caching, you can save
|
|
bandwidth since once a file is downloaded, any identical file
|
|
requests will be served via the cache and not redownloaded via
|
|
the Internet connection.
|
|
</P
|
|
></LI
|
|
></UL
|
|
><P
|
|
> Con:
|
|
</P
|
|
><P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
> - Setting up a transparent proxy is complicated as it requires kernel
|
|
changes, setting up Squid, etc.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> - Could be overkill for a small installation.
|
|
</P
|
|
></LI
|
|
></UL
|
|
><P
|
|
> Please see the <A
|
|
HREF="http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/index.html"
|
|
TARGET="_top"
|
|
>Advanced Routing HOWTO</A
|
|
> for more details.
|
|
</P
|
|
></LI
|
|
></UL
|
|
> </P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="shaping.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="multiple-ips.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>( SHAPING ) - I want to be able to limit the speed of specific types of
|
|
traffic</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="faq.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>( MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to
|
|
PORTFW to several internal machines. How do I do this?</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |