[mdlug] who's using a port on a iptables firewall

[Mark Thuemmel]

I want to get a list of ports/IPs that are in the last minute activity 
having traffic going through my firewall.  I'd like to run it once a 
minute to generate a report of all users on selected ports so I know who 
is accessing it

For example traffic coming in the public Internet eth0 on port 6000 is 
redirected to port 5000 on op 192.168.1.111 on eth1 internal network and 
the user.

I don't think netstat will work because the program is running on the 
local users workstation, not the Linux firewall.  netstat would only 
show active connections to the firewall box, not the internal netowrk.

i was thinking piping the output from a network capture through some 
kind of grep maybe.

Anyone have a way to list the traffic flowing though iptables?