Стоит Slackware 9, netacct-mysql 0.78. Два интерфейса: eth1 — локалка, eth2 — внешняя сеть.
настройки iptables:
IPTABLES="/usr/sbin/iptables"
# Public address used as the post-NAT source ("х.х" is the poster's redaction of the last two octets).
INET_IP="195.206.х.х"
# Interface facing the external network (eth2, per the post).
INET_IFACE="eth2"
# Source-NAT traffic leaving via $INET_IFACE so that it appears to come from $INET_IP.
# The rule sits in nat/POSTROUTING and matches on the outgoing interface, so the rewrite
# is applied on egress; packets observed on the LAN side (eth1) should still carry their
# original 192.168.3.x source addresses — confirm with a capture on eth1.
# NOTE(review): there is no -s match, so everything routed out of $INET_IFACE is rewritten,
# not only the 192.168.3.0/24 LAN — verify that this is intended.
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
Проблема: как учитывать трафик с внутренних IP-адресов? Так как происходит трансляция, в поле src стоит IP-адрес eth2.
лог отладки:
11/05 09:49:30 [STATE] analyzis for src 195.206.х.х, dst 192.168.3.23, src_flg -111/05 09:49:30 [STATE] , peer_flg 0
11/05 09:49:32 [STATE] analyzis for src 192.168.3.167, dst 195.206.х.х, src_flg 111/05 09:49:32 [STATE] , peer_flg 0
11/05 09:49:32 [STATE] analyzis for src 195.206.х.х, dst 192.168.3.167, src_flg -111/05 09:49:32 [STATE] , peer_flg 0
11/05 09:49:33 [STATE] analyzis for src 195.206.х.х, dst 192.168.3.167, src_flg -111/05 09:49:33 [STATE] , peer_flg 0
11/05 09:49:33 [STATE] analyzis for src 195.206.х.х, dst 192.168.3.167, src_flg -111/05 09:49:33 [STATE] , peer_flg 0
конфиг netacct:
compactnet 192.168.3.0 255.255.255.0
# log traffic only for these networks
# all other packets are NOT logged
#ournet 62.73.77.0 255.255.255.0
ournet 192.168.3.0 255.255.255.0
# Our IP nets for differentiation of
# peering traffic types
#direct_peer 217.75.132.0 255.255.255.0
#direct_peer 62.176.90.0 255.255.255.0
#direct_peer 212.72.212.0 255.255.255.0
#direct_peer 217.75.136.0 255.255.255.0
#direct_peer 194.12.226.80 255.255.255.240
#direct_peer 194.12.233.96 255.255.255.224
#direct_peer 194.12.233.160 255.255.255.224
direct_peer 1.1.1.1 255.255.255.255
# log traffic between 2 or more regional ISP-s
flush 300 # flush every 5 minutes
# this gives the interval in seconds
# when the accumulated data is flushed
# to the output file
errdelay 2
fdelay 60
notdev eth2 # Don't log entries for this device
# Use this on routers so that you don't
# log forwarded packets twice.
device eth1 # device to put into promiscuous mode
# you can specify as many as you want
# and you don't have to specify one
# (e.g. if this runs on your router)
#
# if you plan to use it on some *BSD
# system put here appropriate device
# i.e. - device ep0
iflimit eth1 # on machines with multiple interfaces,
# log only packets on this interface
# mutually exclusive with hostlimit
ignoremask 255.255.255.0 # Ignore traffic on same class C net
# This means traffic that is on
# your local LAN is not counted.
# This is useful for NFS etc.
# Not giving this option causes everything
# to be counted.
# This can degrade performance seriously!
ignorenet 127.0.0.0 255.0.0.0 # ignore loopback net
# You can define as many ignorenets as
# you want. Ignoring a net with
# ignorenet is not as efficient as
# ignoremask. Thus you should exclude
# your local network with ignoremask,
# not with ignorenet (although this
# is possible).
# NOTE(review): at this level the debug file records per-packet source and destination
# addresses (see the [STATE] lines in the log excerpt); lower the level again once
# troubleshooting is finished.
debug 4 # set debugging level
# NOTE(review): /tmp is world-writable, so a fixed file name there can be pre-created or
# symlinked by any local user before the daemon opens it. Prefer a directory writable only
# by the account the daemon runs as (presumably root — confirm).
debugfile /tmp/nacctd.debug # where to put debugging info