Logging for NAT information with ULOG/NFLOG/LOG

Logging for NAT information with ULOG/NFLOG/LOG

[Hendrik Visage]

Hi there,


 I'm in need to track internal NATted/masquaraded IPs bandwidth
utilization, mapped to which outbound interface was used as I have
multiple outbound routes/interfaces as well as transparent caching as
an encore, and I need to account for the bandwidth used by the
firewall/server too as some service runs on it too.

 What I'm looking for, is something like conntrack -L output, but for
each packet in each direction with it's input, output interfaces and
size, preferably logged via ULOG/NFLOG mechanism and not the kernel
logging method.

 Any advice on how to achieve this?

Thank you
Hendrik VIsage

Re: Logging for NAT information with ULOG/NFLOG/LOG

[Paul Robert Marino]

this is something ive been planing to look at for a while but havent
had the time https://metacpan.org/pod/distribution/Net-Netfilter-NetFlow/bin/nfflowd
this converts conntrack data into netflow data then you should be able
to use any compatible netflow collector to d what you need.

On Sat, Dec 27, 2014 at 5:02 PM, Hendrik Visage <hvjunk@gmail.com> wrote:
> Hi there,
>
>
>  I'm in need to track internal NATted/masquaraded IPs bandwidth
> utilization, mapped to which outbound interface was used as I have
> multiple outbound routes/interfaces as well as transparent caching as
> an encore, and I need to account for the bandwidth used by the
> firewall/server too as some service runs on it too.
>
>  What I'm looking for, is something like conntrack -L output, but for
> each packet in each direction with it's input, output interfaces and
> size, preferably logged via ULOG/NFLOG mechanism and not the kernel
> logging method.
>
>  Any advice on how to achieve this?
>
> Thank you
> Hendrik VIsage
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Logging for NAT information with ULOG/NFLOG/LOG

[Hendrik Visage]

On Sun, Dec 28, 2014 at 11:51 PM, Paul Robert Marino
<prmarino1@gmail.com> wrote:
> this is something ive been planing to look at for a while but havent
> had the time https://metacpan.org/pod/distribution/Net-Netfilter-NetFlow/bin/nfflowd
> this converts conntrack data into netflow data then you should be able
> to use any compatible netflow collector to d what you need.

Hmmm, still not optimal, as you have to still correlate three flows to
get the return (inbound) traffic matched to the relevant internally
NATted IP.

I'm more thinking of proposing a NetFlow V5+/V5bis/V10 to cater for
the NATting phenomena.

Have been giving me food for thought in solving/tracking my troubles,

>
> On Sat, Dec 27, 2014 at 5:02 PM, Hendrik Visage <hvjunk@gmail.com> wrote:
>> Hi there,
>>
>>
>>  I'm in need to track internal NATted/masquaraded IPs bandwidth
>> utilization, mapped to which outbound interface was used as I have
>> multiple outbound routes/interfaces as well as transparent caching as
>> an encore, and I need to account for the bandwidth used by the
>> firewall/server too as some service runs on it too.
>>
>>  What I'm looking for, is something like conntrack -L output, but for
>> each packet in each direction with it's input, output interfaces and
>> size, preferably logged via ULOG/NFLOG mechanism and not the kernel
>> logging method.
>>
>>  Any advice on how to achieve this?
>>
>> Thank you
>> Hendrik VIsage
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html