From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marek Kierdelewicz <marek@piasta.pl>
Date: Sun, 02 Sep 2007 11:43:02 +0000
Subject: Re: [LARTC] Classful queuing solution
Message-Id: <20070902134302.2b979884@catlap>
List-Id: <lartc.vger.kernel.org>
References: <46CD7147.1090900@bristol.ac.uk>
In-Reply-To: <46CD7147.1090900@bristol.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

>Related, not but strictly to do with tc, is there any way of concisely 
>and effectively logging connections between NATd users and external
>IPs? I need to be able to maintain a log which tells me that a certain
>user was connected to a certain remote host on a certain port at a
>certain time and date, for legal reasons.

You can log traffic with following iptables rule:
iptables -t nat -A PREROUTING -p tcp -j LOG --log-level info
--log-prefix connlog

This will only log new connections, not every packet. Information will
be passed to syslog.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc