Is there any way to dynamically measure the no. of concurrent internal hosts (IP's) utilising the Linux NAT gateway/forwarding box? The idea is to measure the no. of hosts actively using the gateway. I do not want to measure the no. of TCP connections, which iptraf does, because it does not give the actual no. of hosts.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Friday 07 February 2003 08:35, CLS Prasad wrote:
> Is there any way to dynamically measure the no of concurrent internal hosts
> (IP's) utilising the linux NAT Gateway/forwarding box.
> The idea is to measure the no of hosts actively using the gateway. I do not
> want to measure the no of TCP connections which iptraf does because it does
> not give the actual no of hosts.

:) On slashdot was an article about the same subject. It can be done if you really want to do so.
http://slashdot.org/article.pl?sid=03/02/05/2129218&mode=thread&tid=95

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
: Is there any way to dynamically measure the no of concurrent internal
: hosts (IP's) utilising the linux NAT Gateway/forwarding box.

If you have root level access to the box, you can use a bit of shell to determine the number of concurrent "clients" in any given instant. This assumes, of course, that you don't have an internally SNATed/masqueraded network which {c,w}ould hide more clients.

ipchains?

  # /sbin/ipchains -MnL | awk '/[0-9][0-9]:[0-9][0-9]/{print $3}' \
  > | sort | uniq | wc -l

iptables?

  # awk '/(ESTABLISHED|ASSURED)/{print $5}' /proc/net/ip_conntrack \
  > | sort | uniq

Naturally with iptables, you'll need to know a bit more about your use of the connection tracking to disambiguate any inbound or internal to DMZ connections to accurately count your SNAT/MASQUERADEd connections. The above shell is not designed with efficiency in mind (obviously), but you get the idea.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
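An added example, not part of the original thread: one way to do the disambiguation the last reply mentions. It finds the original and reply tuples by key rather than by column (TCP lines carry a state field that UDP lines lack) and counts an internal host only when the reply tuple's destination differs from the original source, which is what SNAT/MASQUERADE leaves behind in the table. The function names, the internal CIDR and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# count_nat_hosts FILE CIDR
#   FILE: conntrack table ("-" reads stdin); CIDR: your internal network (assumed).
count_nat_hosts() {
    awk -v cidr="$2" '
    function ip2int(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function internal(ip,   n) {
        n = ip2int(ip)
        return (n >= 0 && int(n / div) == net)
    }
    BEGIN {
        split(cidr, c, "/")
        div = 2 ^ (32 - c[2])
        net = int(ip2int(c[1]) / div)
    }
    /ESTABLISHED|ASSURED/ {
        orig_src = ""; reply_dst = ""; nsrc = 0; ndst = 0
        # First src= is the original source, second dst= is the reply destination.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/ && ++nsrc == 1) orig_src = substr($i, 5)
            if ($i ~ /^dst=/ && ++ndst == 2) reply_dst = substr($i, 5)
        }
        # Reply addressed to something other than the original source means
        # the source was rewritten. Routed internal-to-DMZ flows keep the
        # same address; inbound flows do not start from the internal net.
        if (internal(orig_src) && reply_dst != "" && reply_dst != orig_src)
            hosts[orig_src] = 1
    }
    END { n = 0; for (h in hosts) n++; print n }
    ' "$1"
}

# Constructed sample in /proc/net/ip_conntrack layout (documentation addresses).
sample_table() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=34567 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=34567 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.9 sport=34568 dport=443 src=203.0.113.9 dst=198.51.100.1 sport=443 dport=34568 [ASSURED] use=1
udp      17 170 src=192.168.1.11 dst=203.0.113.53 sport=1025 dport=53 src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1025 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=192.168.1.12 dst=192.168.2.20 sport=40001 dport=22 src=192.168.2.20 dst=192.168.1.12 sport=22 dport=40001 [ASSURED] use=1
tcp      6 430000 ESTABLISHED src=203.0.113.77 dst=198.51.100.1 sport=50000 dport=25 src=192.168.2.25 dst=203.0.113.77 sport=25 dport=50000 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.1.13 dst=203.0.113.5 sport=40000 dport=80 [UNREPLIED] src=203.0.113.5 dst=198.51.100.1 sport=80 dport=40000 use=1
EOF
}

sample_table | count_nat_hosts - 192.168.1.0/24
```

On the gateway itself, run `count_nat_hosts /proc/net/ip_conntrack <your-internal-CIDR>` as root; like the one-liners above, it is a point-in-time count of what the table holds.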