Hi.

Soon I will be changing my Internet link and I would like to test it for
some time, while the old link stays up as a backup. Is this possible to
use two links with different speed (192kbps leased line and 1Mbps
fiber-channel) and what do I need, where to read about it?

Greetz.

--
##########################################
#        |           p0wer             | #
#   __   |         GG#1877248          | #
#  (oo)  |     p0wer@bojko.eu.org      | #
# / \/ \ Go away or I will replace you   #
# `V__V' with a very small shell script. #
##########################################
Hi,

It requested a completely new kernel (and make mrproper ;-) ) but I got tc
to work and The Ultimate ... script (CBQ) runs without problems. But... after
applying it the bandwidth for downloading drops enormously (from +800 to below
650). Is this normal? Can this be altered? Is this a stupid question?

Help is appreciated!

Regards,
Frank
Hello,

Check docum.org

And this link
http://www.linux.ie/pipermail/ilug/2002-January/041528.html

HTH.

VaibhaV

On Thu, 14 Mar 2002 08:09:50 +0100 (CET) "Radosław Łoboda"
<p0wer@tl.krakow.pl> wrote:
>
> Hi.
>
> Soon I will be changing my Internet link and I would like to test it for
> some time, while the old link stays up as a backup. Is this possible to
> use two links with different speed (192kbps leased line and 1Mbps
> fiber-channel) and what do I need, where to read about it?
>
> Greetz.
 \                                                                  \
  \------------------------------------------------------------------\
\  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
 \ |Exocore Consulting |  http://www.exocore.com  |                \ |
  \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
   \-----------------------------------------------------------------/
Hi,

I want to be able to get statistics per IP address for both incoming and
outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
actually have the same problem for a server running kernel v2.2.20,
using ipchains.. Can anyone help me?

Regards,

Sebastian
Hello,
See the -v option in man iptables
       -v, --verbose
              Verbose output.  This option makes the list command
              show the interface address, the rule options (if
              any), and the TOS masks.  The packet and byte
              counters are also listed, with the suffix 'K', 'M'
              or 'G' for 1000, 1,000,000 and 1,000,000,000
              multipliers respectively (but see the -x flag to
              change this).  For appending, insertion, deletion and
              replacement, this causes detailed information on
              the rule or rules to be printed.
This would give you the amount of data transferred for each rule that you
have in ur firewall as one of the columns
I wrote a small script to extract amount of data for each client I am
allowing FORWARD. The script takes the IP address of the machine you wanna
find info about as the command line parameter.
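------------------------------------------------
#!/bin/sh
# Usage: pass the client IP address as the only argument.
# Keep ACCEPT rules, drop the INPUT/OUTPUT chain headers, squeeze spaces,
# then pick the bytes column, the source column and field 12.
details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep "$1" | cut -d" " -f 3,9,12`
bytes=`echo $details | cut -d" " -f1`
ip=`echo $details | cut -d" " -f2`
echo "IP address $ip transferred $bytes bytes."
------------------------------------------------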
The cut thingi's are customised to the output I get for my rules. Check
urs and modify.
VaibhaV
On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
<seba@tcx.ro> wrote:
> 
> Hi,
> 
> I want to be able to get statistics per IP address for both incoming and
> outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> actually have the same problem for a server running kernel v2.2.20,
> using ipchains.. Can anyone help me?
> 
> Regards,
> 
> Sebastian
 \                                                                  \
  \------------------------------------------------------------------\
\  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
 \ |Exocore Consulting |  http://www.exocore.com  |                \ |
  \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
   \-----------------------------------------------------------------/
Thank you VaibhaV,

Your script works just fine however my problem is to get traffic information
about both downlink and uplink on a NAT server. Do you know what iptables rules
should I use to be able to see such information? Right now my rules look like
this (generated by iptables-save):

*nat
:PREROUTING ACCEPT [1372:944647]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.130.2 -j MASQUERADE
-A POSTROUTING -s 192.168.130.3 -j MASQUERADE

-----

Regards,

Sebastian

On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
> Hello,
> See the -v option in man iptables
>
>
>        -v, --verbose
>               Verbose output.  This option makes the list command
>               show the interface address, the rule options (if
>               any), and the TOS masks.  The packet and byte
>               counters are also listed, with the suffix 'K', 'M'
>               or 'G' for 1000, 1,000,000 and 1,000,000,000
>               multipliers respectively (but see the -x flag to
>               change this).  For appending, insertion, deletion and
>               replacement, this causes detailed information on
>               the rule or rules to be printed.
>
>
> This would give you the amount of data transferred for each rule that you
> have in ur firewall as one of the columns
>
> I wrote a small script to extract amount of data for each client I am
> allowing FORWARD. The script takes the IP address of the machine you wanna
> find info about as the command line parameter.
>
> ------------------------------------------------
> #!/bin/sh
>
> details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep $1 | cut -d" " -f 3,9,12`
>
> bytes=`echo $details | cut -d" " -f1`
> ip=`echo $details | cut -d" " -f2`
>
> echo "IP address $ip transferred $bytes bytes."
>
> ------------------------------------------------
>
> The cut thingi's are customised to the output I get for my rules. Check
> urs and modify.
>
> VaibhaV
>
>
> On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> <seba@tcx.ro> wrote:
>
> >
> > Hi,
> >
> > I want to be able to get statistics per IP address for both incoming and
> > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> > actually have the same problem for a server running kernel v2.2.20,
> > using ipchains.. Can anyone help me?
> >
> > Regards,
> >
> > Sebastian
> >
>
>  \                                                                  \
>   \------------------------------------------------------------------\
> \  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
>  \ |Exocore Consulting |  http://www.exocore.com  |                \ |
>   \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
>    \-----------------------------------------------------------------/
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
Hello,

you can use the ipac-ng (http://sourceforge.net/projects/ipac-ng/) toolset to
implement counters with iptables.

ipac-ng generates iptables-rules just for accounting, this data can be
summarized and even be graphed. ( i use mrtg for graphing the data, but
ipac-ng includes a graph-generator itself)

i hope that's what you were looking for

Tobias

On Thu, Mar 14, 2002 at 03:43:09PM +0200, Sebastian Taralunga wrote:
>
> Thank you VaibhaV,
>
> Your script works just fine however my problem is to get traffic information
> about both downlink and uplink on a NAT server. Do you know what iptables rules
> should I use to be able to see such information? Right now my rules look like
> this (generated by iptables-save):
>
> *nat
> :PREROUTING ACCEPT [1372:944647]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -s 192.168.130.2 -j MASQUERADE
> -A POSTROUTING -s 192.168.130.3 -j MASQUERADE
>
> -----
>
> Regards,
>
> Sebastian
>
> On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
>
> > Hello,
> > See the -v option in man iptables
> >
> >
> >        -v, --verbose
> >               Verbose output.  This option makes the list command
> >               show the interface address, the rule options (if
> >               any), and the TOS masks.  The packet and byte
> >               counters are also listed, with the suffix 'K', 'M'
> >               or 'G' for 1000, 1,000,000 and 1,000,000,000
> >               multipliers respectively (but see the -x flag to
> >               change this).  For appending, insertion, deletion and
> >               replacement, this causes detailed information on
> >               the rule or rules to be printed.
> >
> >
> > This would give you the amount of data transferred for each rule that you
> > have in ur firewall as one of the columns
> >
> > I wrote a small script to extract amount of data for each client I am
> > allowing FORWARD. The script takes the IP address of the machine you wanna
> > find info about as the command line parameter.
> >
> > ------------------------------------------------
> > #!/bin/sh
> >
> > details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep $1 | cut -d" " -f 3,9,12`
> >
> > bytes=`echo $details | cut -d" " -f1`
> > ip=`echo $details | cut -d" " -f2`
> >
> > echo "IP address $ip transferred $bytes bytes."
> >
> > ------------------------------------------------
> >
> > The cut thingi's are customised to the output I get for my rules. Check
> > urs and modify.
> >
> > VaibhaV
> >
> >
> > On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> > <seba@tcx.ro> wrote:
> >
> > >
> > > Hi,
> > >
> > > I want to be able to get statistics per IP address for both incoming and
> > > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> > > actually have the same problem for a server running kernel v2.2.20,
> > > using ipchains.. Can anyone help me?
> > >
> > > Regards,
> > >
> > > Sebastian
> > >
> >
> >  \                                                                  \
> >   \------------------------------------------------------------------\
> > \  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
> >  \ |Exocore Consulting |  http://www.exocore.com  |                \ |
> >   \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
> >    \-----------------------------------------------------------------/
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Fri, Mar 08, 2002 at 11:13:14AM +0100, Frank Maas wrote:
> Hi,
>
> It requested a completely new kernel (and make mrproper ;-) ) but I got tc
> to work and The Ultimate ... script (CBQ) runs without problems. But... after
> applying it the bandwidth for downloading drops enormously (from +800 to below
> 650). Is this normal? Can this be altered? Is this a stupid question?
>
> Help is appreciated!

Try tuning the parameters in the script. You need to figure out how high you
can set them before the latency returns.

Regards,

bert

--
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
Well, iptables accounting thingi would give you bytes transferred only for
the rules that you have in your firewall. It's a cruddy way of doing things,
but if you want both incoming and outgoing traffic logging, put in dummy
rules for incoming and outgoing traffic on a per IP basis.

e.g. just giving you an example, by default, all incoming packets are set to
ACCEPT in the INPUT chain. If you wanna know how much traffic is coming from
your clients to your machine, put in INPUT ACCEPT rules for each machine.
You'll now get bytes transferred for these rules. Extract the info and use.

This would get cruddy if you have tons of machines sitting behind your
firewall. Better way to do is to use some network sniffing tool which can
generate stats, which of course is not in the scope of discussions of this
list.

I dunno if there is a better way of doing this using iptables. Maybe someone
else can shed some light on this.

VaibhaV

On Thu, 14 Mar 2002 15:43:09 +0200 (EET) "Sebastian Taralunga"
<seba@tcx.ro> wrote:
>
> Thank you VaibhaV,
>
> Your script works just fine however my problem is to get traffic
> information about both downlink and uplink on a NAT server. Do you know
> what iptables rules should I use to be able to see such information?
> Right now my rules look like this (generated by iptables-save):
>
> *nat
> :PREROUTING ACCEPT [1372:944647]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -s 192.168.130.2 -j MASQUERADE
> -A POSTROUTING -s 192.168.130.3 -j MASQUERADE
>
> -----
>
> Regards,
>
> Sebastian
>
> On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
>
> > Hello,
> > See the -v option in man iptables
> >
> >
> >        -v, --verbose
> >               Verbose output.  This option makes the list command
> >               show the interface address, the rule options (if
> >               any), and the TOS masks.  The packet and byte
> >               counters are also listed, with the suffix 'K', 'M'
> >               or 'G' for 1000, 1,000,000 and 1,000,000,000
> >               multipliers respectively (but see the -x flag to
> >               change this).  For appending, insertion, deletion and
> >               replacement, this causes detailed information on
> >               the rule or rules to be printed.
> >
> >
> > This would give you the amount of data transferred for each rule that
> > you have in ur firewall as one of the columns
> >
> > I wrote a small script to extract amount of data for each client I am
> > allowing FORWARD. The script takes the IP address of the machine you
> > wanna find info about as the command line parameter.
> >
> > ------------------------------------------------
> > #!/bin/sh
> >
> > details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep $1 | cut -d" " -f 3,9,12`
> >
> > bytes=`echo $details | cut -d" " -f1`
> > ip=`echo $details | cut -d" " -f2`
> >
> > echo "IP address $ip transferred $bytes bytes."
> >
> > ------------------------------------------------
> >
> > The cut thingi's are customised to the output I get for my rules.
> > Check urs and modify.
> >
> > VaibhaV
> >
> >
> > On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> > <seba@tcx.ro> wrote:
> >
> > >
> > > Hi,
> > >
> > > I want to be able to get statistics per IP address for both incoming
> > > and outgoing traffic on a NAT server using iptables and kernel
> > > v2.4.18. I actually have the same problem for a server running
> > > kernel v2.2.20, using ipchains.. Can anyone help me?
> > >
> > > Regards,
> > >
> > > Sebastian
> > >
> >
> >  \                                                                  \
> >   \------------------------------------------------------------------\
> > \  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
> >  \ |Exocore Consulting |  http://www.exocore.com  |                \ |
> >   \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
> >    \-----------------------------------------------------------------/
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
 \                                                                  \
  \------------------------------------------------------------------\
\  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
 \ |Exocore Consulting |  http://www.exocore.com  |                \ |
  \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
   \-----------------------------------------------------------------/
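
The per-IP dummy rules suggested in the thread, worked through for both uplink and downlink, as an added example that is not part of any poster's message. Assumptions: the rules are hooked into FORWARD (where a NAT box sees the clients' private addresses in both directions) through a hypothetical chain named ACCT, the rules carry no target so they only count, and the listing is a constructed sample of `iptables -L ACCT -v -n -x` output.

```shell
#!/bin/sh
# Added example (not from the thread): per-IP uplink/downlink accounting.
# ACCT is a hypothetical chain name; the client IPs are the ones in the thread.

# Print (do not run) the commands that build the accounting chain.
acct_rules() {
    echo "iptables -N ACCT"
    echo "iptables -I FORWARD -j ACCT"
    for ip in "$@"; do
        # No -j target: the rule only counts, the packet continues unchanged.
        echo "iptables -A ACCT -s $ip"   # uplink: sent by the client
        echo "iptables -A ACCT -d $ip"   # downlink: sent to the client
    done
}

# Constructed sample of `iptables -L ACCT -v -n -x` output (-x = exact bytes).
sample_listing() {
    cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     812    64110            all  --  *      *       192.168.130.2        0.0.0.0/0
    1372   944647            all  --  *      *       0.0.0.0/0            192.168.130.2
      16     2048            all  --  *      *       192.168.130.3        0.0.0.0/0
      20    10240            all  --  *      *       0.0.0.0/0            192.168.130.3
EOF
}

# Read such a listing on stdin, print "ip uplink_bytes downlink_bytes".
# Assumes rules without extra match options, so the last two columns
# are source and destination whether or not the target column is empty.
acct_report() {
    awk '
        $1 ~ /^[0-9]+$/ && NF >= 8 {
            src = $(NF-1); dst = $NF
            if (src != "0.0.0.0/0") { up[src] += $2; seen[src] = 1 }
            if (dst != "0.0.0.0/0") { down[dst] += $2; seen[dst] = 1 }
        }
        END { for (ip in seen) printf "%s %.0f %.0f\n", ip, up[ip], down[ip] }
    ' | LC_ALL=C sort
}

sample_listing | acct_report
```

On a live system the report would be fed with `iptables -L ACCT -v -n -x | acct_report`, and `iptables -Z ACCT` resets the counters between sampling intervals.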