From freenx-knx  Fri Feb 09 16:12:49 2007
From: mir <mir () ogrody ! gda ! pl>
Date: Fri, 09 Feb 2007 16:12:49 +0000
To: freenx-knx
Subject: Re: [FreeNX-kNX] Logging user traffic
Message-Id: <1171037569.6588.31.camel () mir ! ogrody>
X-MARC-Message: https://marc.info/?l=freenx-knx&m=117103757823393

I can log traffic without Mark (Mark probably do not work for OUTPUT
chain) for example:
iptables -A OUTPUT -o eth0 -syn -m owner --uid-owner 1000 -j LOG
--log-prefix -mirek-
Logs all ACK packets for user id 1000. 
Similar probably I can log packets with SYN flag. 
But quality of this tool is not good enough. 
Maybe someone  has good tools to decode this type of logs to get for
example number of transfered bytes instead of many logged ack packets.

Till now I prefer to hack kernel. Host with hacked kernel do not need
any log. If someone from outside claim, that there was any abuse from my
host, and He can give me a port on my host  and I can easy decode user
who made abuse. 

Mirek

On Thu, 2007-02-08 at 23:00 +0100, Revellion wrote:
> Why not use -m owner on the iptables of the freenx host to mark the
> packages?
> 
> like iptables -A OUTPUT -m owner --uid-owner <uid-of-a-user> -j MARK
> --set-mark 0xblahnumber ?
> 

> 

________________________________________________________________
     Were you helped on this list with your FreeNX problem?
    Then please write up the solution in the FreeNX Wiki/FAQ:
  http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
         Don't forget to check the NX Knowledge Base:
                 http://www.nomachine.com/kb/ 

________________________________________________________________
       FreeNX-kNX mailing list --- FreeNX-kNX@kde.org
      https://mail.kde.org/mailman/listinfo/freenx-knx
________________________________________________________________