[LARTC] Classful queuing solution

[Marek Kierdelewicz]

Hi,

>Related, not but strictly to do with tc, is there any way of concisely 
>and effectively logging connections between NATd users and external
>IPs? I need to be able to maintain a log which tells me that a certain
>user was connected to a certain remote host on a certain port at a
>certain time and date, for legal reasons.

You can log traffic with following iptables rule:
iptables -t nat -A PREROUTING -p tcp -j LOG --log-level info
--log-prefix connlog

This will only log new connections, not every packet. Information will
be passed to syslog.