<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >( ACCOUNTING ) - I need to do accounting on who is using the network</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Linux IP Masquerade HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Frequently Asked Questions" HREF="faq.html"><LINK REL="PREVIOUS" TITLE="( SHAPING ) - I want to be able to limit the speed of specific types of traffic" HREF="shaping.html"><LINK REL="NEXT" TITLE="( MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to PORTFW to several internal machines. How do I do this?" HREF="multiple-ips.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Linux IP Masquerade HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="shaping.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 7. Frequently Asked Questions</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="multiple-ips.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="ACCOUNTING" ></A >7.31. ( ACCOUNTING ) - I need to do accounting on who is using the network</H1 ><P >Though this doesn't have much to do with IPMASQ, here are a few ideas. If you know of a better solution, please email the author of this HOWTO so it can be added to the HOWTO.</P ><P > <P ></P ><UL ><LI ><P >Idea #1: You could run the command: <TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="90%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >IPCHAINS: "ipchains -L -M" IPTABLES: "cat /proc/net/ip_conntrack" IPFWADM:</PRE ></FONT ></TD ></TR ></TABLE > once a second and log all of those entries. You could then write a program to merge this information into one large file. Again, this will only provide you with the remote IP address and nothing about the content viewed or downloaded.</P ></LI ><LI ><P >Idea #2: Log every packet: You can match any specific traffic flows but this method will create VERY LARGE log files. Unfortunately, these log files aren't very readable and it doesn't tell you what was transfered (FTP files, etc.). Fortunately, setting up this form of accounting is easy.</P ></LI ><LI ><P >Idea #3: Say you want to log all traffic going out onto the internet. You can setup a firewall rule to accept port 80 traffic with with the SYN bit set and log it. Now mind you, this will create smaller log files than the idea above but you will only know the destination IP address and NOT the WWW pages viewed.</P ></LI ><LI ><P > Idea #4: Transparent Proxy: This method really doesn't use IPMASQ since it requires the installation and setup of the Squid HTTP/FTP proxy server. The benefit of this method is that internal users won't notice anything different in terms of connectivity but now the SysAdmin gets a LOT more information (files downloaded, etc). But, there are pros/cons to setting this up: </P ><P > Pro: </P ><P ></P ><UL ><LI ><P > + full logging of all transferred files and issues FTP commands </P ></LI ><LI ><P > + you can enable caching on the proxy server. With caching, you can save bandwidth since once a file is downloaded, any identical file requests will be served via the cache and not redownloaded via the Internet connection. </P ></LI ></UL ><P > Con: </P ><P ></P ><UL ><LI ><P > - Setting up a transparent proxy is complicated as it requires kernel changes, setting up Squid, etc. </P ></LI ><LI ><P > - Could be overkill for a small installation. </P ></LI ></UL ><P > Please see the <A HREF="http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/index.html" TARGET="_top" >Advanced Routing HOWTO</A > for more details. </P ></LI ></UL > </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="shaping.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="multiple-ips.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >( SHAPING ) - I want to be able to limit the speed of specific types of traffic</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="faq.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >( MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to PORTFW to several internal machines. How do I do this?</TD ></TR ></TABLE ></DIV ></BODY ></HTML >