I don't know if this is the "proper" way to go about doing this, but here is
one way you could get it done with ip rule and realms. This requires the
iproute2 package to be installed, and all of the pretty policy routing
options enabled in the kernel. This would only be practical for a small
number of addresses, but it looks like you only have 2 so I don't think it
will be a big deal.
1) Edit /etc/iproute2/rt_realms, and add an entry for each IP address you
want to monitor. The format is:
    <number> <realmname>
so:
    1 host1
    2 host2
2) Then add rules to match the packets to realms (host1 and host2 are the
realm names):
    /sbin/ip rule add from 192.168.130.2/32 lookup main realms host1
    /sbin/ip rule add from 192.168.130.3/32 lookup main realms host2
This will assign the traffic from specific hosts to your realms for
accounting, while still looking up the main routing table. After this is
done, just type rtacct to see the breakdown of packets on each realm (hence
address) by to/from in bytes and number of packets. This may not be the way
you were looking for, but hey... it works and it's fun. Hope this helps.
******************
Tom Steele
Comm/Systems Engineer
Children's Hospital
Omaha, NE
tsteele@chsomaha.org
-----Original Message-----
From: Sebastian Taralunga [mailto:seba@tcx.ro]
Sent: Thursday, March 14, 2002 7:43 AM
To: VaibhaV Sharma
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] NAT statistics
Thank you VaibhaV,
Your script works just fine; however, my problem is to get traffic
information about both downlink and uplink on a NAT server. Do you know what
iptables rules I should use to be able to see such information? Right now my
rules look like this (generated by iptables-save):
*nat
:PREROUTING ACCEPT [1372:944647]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.130.2 -j MASQUERADE
-A POSTROUTING -s 192.168.130.3 -j MASQUERADE
-----
Regards,
Sebastian
On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
> Hello,
> See the -v option in man iptables
>
>
> -v, --verbose
>        Verbose output. This option makes the list command
>        show the interface address, the rule options (if
>        any), and the TOS masks. The packet and byte counters
>        are also listed, with the suffix 'K', 'M' or
>        'G' for 1000, 1,000,000 and 1,000,000,000 multipliers
>        respectively (but see the -x flag to change
>        this). For appending, insertion, deletion and
>        replacement, this causes detailed information on
>        the rule or rules to be printed.
>
>
> This would give you the amount of data transferred for each rule that you
> have in your firewall as one of the columns.
>
> I wrote a small script to extract amount of data for each client I am
> allowing FORWARD. The script takes the IP address of the machine you wanna
> find info about as the command line parameter.
>
> ------------------------------------------------
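> #!/bin/sh
> # Usage: pass the IP address to report on as the first argument.
> # Prints the byte counter of the ACCEPT rule that mentions that address.
>
> # The cut field numbers follow the author's own rule listing.
> # grep -wF matches the address literally and as a whole word.
> details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep -wF -- "$1" | cut -d" " -f 3,9,12`
>
> bytes=`echo $details | cut -d" " -f1`
> ip=`echo $details | cut -d" " -f2`
>
> echo "IP address $ip transferred $bytes bytes."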
>
> ------------------------------------------------
>
> The cut thingi's are customised to the output I get for my rules. Check
> urs and modify.
>
> VaibhaV
>
>
> On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> <seba@tcx.ro> wrote:
>
> >
> > Hi,
> >
> > I want to be able to get statistics per IP address for both incoming
> > and outgoing traffic on a NAT server using iptables and kernel v2.4.18.
> > I actually have the same problem for a server running kernel v2.2.20,
> > using ipchains. Can anyone help me?
> >
> > Regards,
> >
> > Sebastian
>
>
> \ \
> \------------------------------------------------------------------\
> \ |VaibhaV Sharma | vaibhav@exocore.com | L I N U X \ |
> \ |Exocore Consulting | http://www.exocore.com | \ |
> \|Bangalore, India | +91(80)3440397,3341137 | R O C K S \|
> \-----------------------------------------------------------------/
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
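The per-address uplink and downlink totals asked about in this thread, as an added example that is not from any of the posters: it reads `iptables -L FORWARD -v -n -x` output and compares the source and destination columns exactly instead of grepping for the address. The sample listing is constructed, and the FORWARD rules it shows (one per host per direction, each with a target) are an assumption.

```shell
#!/bin/sh
# Added example: per-host uplink/downlink counters from the output of
#   iptables -L FORWARD -v -n -x      (-x prints exact counters, no K/M/G)
# Assumption: every rule has a target (e.g. ACCEPT), so source is field 8
# and destination is field 9. A rule with an empty target shifts the fields.

# Constructed sample listing (not from the thread). On a MASQUERADE box the
# replies are already translated back before FORWARD, so the internal
# address shows up in the destination column for downlink traffic.
sample_forward() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    15000 ACCEPT     all  --  *      *       192.168.130.2        0.0.0.0/0
     200   310000 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.130.2
      40     4200 ACCEPT     all  --  *      *       192.168.130.3        0.0.0.0/0
      75    98000 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.130.3
       9      900 ACCEPT     all  --  *      *       192.168.130.20       0.0.0.0/0
EOF
}

# host_traffic IP
# Reads a listing on stdin, prints: IP up_bytes down_bytes up_pkts down_pkts
host_traffic() {
    awk -v ip="$1" '
        # Rule lines start with two numeric counters; skip chain/column headers.
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { next }
        {
            src = $8; dst = $9
            # Some iptables versions print single hosts with a /32 suffix.
            sub(/\/32$/, "", src); sub(/\/32$/, "", dst)
            # Exact comparison: 192.168.130.2 must not also count 192.168.130.20.
            if (src == ip) { up_b += $2; up_p += $1 }
            if (dst == ip) { down_b += $2; down_p += $1 }
        }
        END { printf "%s %d %d %d %d\n", ip, up_b, down_b, up_p, down_p }
    '
}

# Live use (as root): /sbin/iptables -L FORWARD -v -n -x | host_traffic 192.168.130.2
# Offline check:      sample_forward | host_traffic 192.168.130.2
```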