[LARTC] NAT-aware traffic analysis
Marco Aurelio
marco.casaroli at gmail.com
Thu Sep 6 07:42:48 CEST 2007
If you use IFB or IMQ you can shape the outgoing WAN traffic before NAT.
On 9/5/07, Martin A. Brown <martin at linux-ip.net> wrote:
> Greetings,
>
> : I have tried using iptraf on my NAT firewall to analyse the IP
> : traffic. Basically I am faced with the difficulty of relating the
> : source IP to the outgoing interface to the internet, so I am
> : wondering if anyone has a suggestion for a different way to do
> : it, or a suggestion for a better tool.
>
> I don't know of a flow analysis tool that records internal and
> external addresses at the NAT boundary. Without knowing how you
> separate your traffic outbound, it'd be hard for us to guess what
> the shortcomings of any of these solutions might be, but here are a
> few ideas:
>
> * Record the state of /proc/net/ip_conntrack and your flow
> information snapshots at exactly the same time. Use the
> ip_conntrack state information (programmatically) to yield
> the answers you want about usage information.
>
> * Use a flow analysis tool (e.g., argus) to record the flow
> information on your internal interface. Since you built the
> rules for distributing traffic and selecting the path for
> outbound flows, you should be able to map this same logic onto
> your recorded flows.
>
> In short, I think you may have better luck approaching the problem
> as a flow-analysis problem than a statistical summarization of
> traffic on any specific interface.
>
> Good luck,
>
> - -Martin
>
> - --
> Martin A. Brown
> http://linux-ip.net/
--
Marco Casaroli
SapucaiNet Telecom
+55 35 34712377 ext. 5
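One way to realise the conntrack-correlation idea in Martin's reply, as an added example (Python, not code from the original thread): it parses /proc/net/ip_conntrack entries, maps each WAN-side flow tuple (as a collector on the external interface would see it) back to the internal host, and sums bytes per (internal host, public address) so each host's traffic can be attributed to the WAN address it left through. The sample entries, addresses and counters are constructed.

```python
import re
from collections import defaultdict

# Constructed sample entries in /proc/net/ip_conntrack format (2.6-era kernels):
# proto, protonum, timeout, [tcp state], original-direction tuple, reply-direction tuple.
# Addresses are documentation ranges, not real hosts.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=80 packets=10 bytes=1200 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=51234 packets=8 bytes=9000 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=192.168.1.11 dst=203.0.113.9 sport=40000 dport=443 packets=5 bytes=700 src=203.0.113.9 dst=198.51.100.2 sport=443 dport=40000 packets=4 bytes=3000 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.10 dst=203.0.113.53 sport=33000 dport=53 packets=1 bytes=60 src=203.0.113.53 dst=198.51.100.1 sport=53 dport=33000 packets=1 bytes=120 mark=0 use=1
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
BYTES_RE = re.compile(r"bytes=(\d+)")

def parse_conntrack(text):
    """Yield one dict per entry: internal source, post-SNAT public tuple,
    remote peer, and byte counters for both directions."""
    for line in text.splitlines():
        if not line.strip():
            continue
        proto = line.split()[0]
        tuples = TUPLE_RE.findall(line)          # [original direction, reply direction]
        if len(tuples) != 2:
            continue                             # unexpected layout: skip rather than guess
        # Reply direction: src = remote host, dst = the public (SNAT) address and port.
        (internal, _rdst, _isport, _rdport), (remote, pub_ip, rport, pub_port) = tuples
        counts = BYTES_RE.findall(line)
        out_b, in_b = (int(counts[0]), int(counts[1])) if len(counts) == 2 else (0, 0)
        yield {"proto": proto, "internal": internal, "public": (pub_ip, int(pub_port)),
               "remote": (remote, int(rport)), "out_bytes": out_b, "in_bytes": in_b}

def build_nat_map(text):
    """(proto, public ip, public port, remote ip, remote port) -> internal address,
    i.e. the key a WAN-side flow record can be joined on."""
    return {(e["proto"], *e["public"], *e["remote"]): e["internal"]
            for e in parse_conntrack(text)}

def bytes_per_internal_host_per_wan_ip(text):
    """Usage per (internal host, public address used): which WAN link carried
    each host's traffic, and how much, both directions combined."""
    totals = defaultdict(int)
    for e in parse_conntrack(text):
        totals[(e["internal"], e["public"][0])] += e["out_bytes"] + e["in_bytes"]
    return dict(totals)
```

Snapshots of the conntrack table and of the flow collector must be taken at the same time, as Martin notes, or short-lived entries (such as the UDP one above) will have expired before the join.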