Tracking forwarded traffic

Question

I have following set up :

a machine with a public IP with several machines with static IP behind it (NAT).

How would I monitor the traffic they generate on a per IP basis (the LAN ip to which traffic gets forwarded) ?

score 2 · Accepted Answer · answered Dec 15 '11 at 11:36

2

I think you can use some netflow sensor (for example fprobe, ipcad) and then export it to some collector. I used UTM5, but it's paid. I think there should be some free netflow collectors. For momentary snapshot of traffic you can use iftop.

answered Dec 15 '11 at 11:36

Slezhuk

375
1
2
6

score 1 · Answer 2 · answered Dec 15 '11 at 12:33

If your gateway box is running Linux, you could use an iptables -j LOG parameter. Something like this:

iptables -A FORWARD -i eth1 -o eth0 -j LOG

You'd then have to configure your syslog to send that log data somewhere where the I/O won't hurt the process. You could also limit the I/O required by only logging tcp connection packets. Just replace the above with this:

iptables -A FORWARD -i eth1 -o eth0 -p tcp --syn -j LOG

Tracking forwarded traffic

2 Answers2