daemonflower Apprentice
Joined: 17 Jul 2004 Posts: 290
Posted: Tue Oct 19, 2004 10:23 pm Post subject: iptables connection analyzer tool?
I have the following problem.
I manage a dialin server for my home network. The server serves as web proxy with squid, as well as doing NAT. Up to now, NAT was only used extensively by one person (me). This is about to change.
I need to analyze the connection for the last month, to find out who has to pay which share of the phone bill. This is no problem, as long as all net access uses squid, as I can analyze squid's access.log (there is a tool called squeezer2 I use for this). This breaks down when I use iptables; at least I have not found any tool which can take /var/log/messages (I understand this is the location where netfilter logs its messages) and produce a list of which computer in the internal network has been online for how long.
Now I am not an expert on iptables at all, that much is clear. That being as it is, I would appreciate it if anybody could just tell me a tool which generates this human-readable log from the iptables output. I haven't found anything like that on the net though, so I expect I'll have to roll one on my own. Some issues I have found before I even started to do that:
The internal IP is not recorded when a connection is forwarded in the router. I don't know how to write a rule to do this.
Not all packets are logged by default. I think to make a reliable accounting tool you have to log every single packet, not only the critical or dropped ones, even if that generates a huge log file.
There are other issues, but I'm in an early stage of understanding the problem at all yet. You could obviously tell me to RTFM, and I'd appreciate any hints at good tutorials for what I have in mind as much as ready-made solutions. I can't believe I am the first person to have this problem. Maybe I just used the wrong search terms...
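One way to build the accounting tool the post asks about, as an added example that is not part of the original post: a parser that reads netfilter LOG lines from syslog and totals online time per internal address. The interface names `eth0`/`ppp0`, the `ACCT: ` log prefix, the 5-minute idle threshold and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample of /var/log/messages, assuming a rule such as
#   iptables -A FORWARD -i eth0 -o ppp0 -j LOG --log-prefix "ACCT: "
# (eth0, ppp0 and the "ACCT: " prefix are assumptions). The filter FORWARD
# chain runs before nat POSTROUTING, so SRC is still the internal address.
SAMPLE = """\
Oct 19 20:00:00 gw kernel: ACCT: IN=eth0 OUT=ppp0 SRC=192.168.0.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40000 DPT=80
Oct 19 20:02:30 gw kernel: ACCT: IN=eth0 OUT=ppp0 SRC=192.168.0.10 DST=198.51.100.7 LEN=52 PROTO=TCP SPT=40000 DPT=80
Oct 19 20:03:00 gw kernel: ACCT: IN=eth0 OUT=ppp0 SRC=192.168.0.11 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40100 DPT=25
Oct 19 20:04:00 gw kernel: DROP: IN=ppp0 OUT= SRC=203.0.113.50 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=1 DPT=445
Oct 19 21:30:00 gw kernel: ACCT: IN=eth0 OUT=ppp0 SRC=192.168.0.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40001 DPT=80
Oct 19 21:31:00 gw kernel: ACCT: IN=eth0 OUT=ppp0 SRC=192.168.0.10 DST=198.51.100.7 LEN=1500 PROTO=TCP SPT=40001 DPT=80
"""
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?ACCT: (.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line, year=2004):
    """Return (timestamp, internal source IP, packet length) or None."""
    m = LINE.match(line)
    if not m:
        return None                      # not one of our accounting lines
    fields = dict(FIELD.findall(m.group(2)))
    if "SRC" not in fields:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, fields["SRC"], int(fields.get("LEN") or 0)

def account(lines, idle=timedelta(minutes=5)):
    """Packets from one host closer together than `idle` extend its session."""
    last = {}
    usage = defaultdict(lambda: {"online": timedelta(0), "bytes": 0, "sessions": 0})
    for rec in filter(None, map(parse, lines)):
        ts, src, length = rec
        u = usage[src]
        u["bytes"] += length
        prev = last.get(src)
        if prev is not None and timedelta(0) <= ts - prev <= idle:
            u["online"] += ts - prev     # same session: add the gap
        else:
            u["sessions"] += 1           # first packet or idle gap exceeded
        last[src] = ts
    return dict(usage)

if __name__ == "__main__":
    for ip, u in sorted(account(SAMPLE.splitlines()).items()):
        print(ip, u["online"], u["bytes"], "bytes,", u["sessions"], "session(s)")
```

Logging every forwarded packet grows the log quickly; the byte counts here cover only the outbound direction that the assumed rule matches.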