[FreeNX-kNX] Logging user traffic

Revellion revellion at gmail.com
Thu Feb 8 22:00:31 UTC 2007 

Why not use -m owner on the iptables of the freenx host to mark the
packages?

like iptables -A OUTPUT -m owner --uid-owner <uid-of-a-user> -j MARK
--set-mark 0xblahnumber ?

2007/2/8, mir <mir at ogrody.gda.pl>:
>
> Hi to all
> Till now, My Linux box was a gateway to internet for small net ~20
> hosts. I want to change it,  I've started Freenx server on Debian Etch
> and I plan to cut direct connection from local hosts to internet
> (security reason). On gateway Linux box I implemented net-acct  to log
> all traffic from local host to internet hosts.
>
> My problem to start Freenx server for my network users and cut direct
> connection is: How to identify outgoing connection per user, similar way
> net-acct do.
>
> First Idea was to patch Linux kernel on box running Freenx server.
> Patched kernel should assign for outgoing connections tcp/udp ports
> depending on user (owner of this connection). This way I could simply
> recognize who made any logged connection. There is also patch for 2.4
> kernel http://www.ex-parrot.com/~pdw/user-port-hack/
> But for kernel 2.6, I found nothing. Maybe someone could adopt this
> patch for kernel 2.6
> Maybe someone has different idea, how to log user traffic from host
> running Freenx server ?
>
> To change all computers in local network to be only terminals for freenx
> server I think user connection logging problem should be solved.
>
> Mirek
>
>
>
> ________________________________________________________________
>      Were you helped on this list with your FreeNX problem?
>     Then please write up the solution in the FreeNX Wiki/FAQ:
>   http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>          Don't forget to check the NX Knowledge Base:
>                  http://www.nomachine.com/kb/
>
> ________________________________________________________________
>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>       https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20070208/e3fdceee/attachment.html>

More information about the FreeNX-kNX mailing list