VaibhaV Sharma on Mon, Sep 11, 2000 rearranged electrons thusly:
> Is there any utility / way to know what all activity is being done through a
> masquarading setup? I generally use netstat but the netstat output takes
> some time to understand and trace....
I suppose you can look at lots of ip log analyzers, from the basic ones to
checkpoint (which costs a bomb, and _is_ a bomb, btw).
Or just do # /sbin/ipchains -L -M ... you'll get a nice list
I hope this is neat enough for you ...
[root@hobbit] ~# /sbin/ipchains -L -M
IP masquerading entries
prot expire source destination ports
TCP 14:36.93 10.0.3.29 64.41.181.230 1666 (61056) -> www
TCP 01:40.62 10.0.3.14 palawan.infophil.com 3724 (61040) -> www
TCP 14:23.71 10.0.3.23 cs1.msg.yahoo.com 1054 (64251) -> 5050
TCP 11:25.21 10.0.3.52 cs1.msg.yahoo.com 2118 (62458) -> 5050
UDP 00:42.94 10.0.3.43 202.54.85.45 1326 (64805) -> domain
> Any other way to know how many users are doing ftp, www, / connections to
> other ports on servers on the Internet etc....
If you need anything above this, I suggest you buy one of the commercial
firewalls ...
-suresh
----------------------------------------------
LIH is all for free speech. But it was created
for a purpose. Violations of the rules of
this list will result in stern action.
